Problem with certificate authentication at wlc 4402

Hi,
We have a problem getting a connection from the client to the WLC.
We are using Cisco Aironet 1130 AG and a Cisco 4402 WLC in our network. The certificate service is installed on a Windows 2008 R2 server. We use a standalone Root CA with an Enterprise Sub CA hierarchy. Issuing certificates to clients works fine. The vendor and CA certificates are installed on the WLC and the user has his user certificate. During implementation we used the following document: "http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml#wlc". Instead of Anonymous Bind, we use a service user to read in AD (works fine, too).
We use the Intel/PRO wireless utility on our test client and configured it for EAP-FAST and TLS. We can select the installed certificate in the utility, but when we try to connect, the utility throws the message: "Authentication failed due to an invalid certificate".
We've logged the WLC and that's a part of the log file (I've greyed out all enterprise data):
*EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
*LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1
*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (...)))
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
*LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="..." (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=... (size 76)
*LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
*LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session
*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: ...(0x78000041)
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
*EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
*EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1  Flags:S  Length:0x0014
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422:     Payload:  00040010436973636F00000000000000 ...
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x001a  Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422:     Payload:  2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST  ID:0x 2  Length:0x001a  Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422:     Payload:  2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE  ID:0x 2  Length:0x0042  Type:FAST
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422:     Payload:  810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE  ID:0x 2  Length:0x0042  Type:FAST
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422:     Payload:  810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : ...
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : ...
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th, 17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
*EAP Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject :
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=...
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from '2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
*EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
*EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
*EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0033
*EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422:     Payload:  0100002F03014F16A8262631FC9DC042 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello  Length:0x002F
*EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422:     Payload:  03014F16A8262631FC9DC042253D3E24 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_RSA_WITH_RC4_128_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT:     TLS_DH_anon_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x002A
*EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422:     Payload:  0200002603015F3325EADF12E6296F91 ...
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello  Length:0x0026
*EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422:     Payload:  03015F3325EADF12E6296F91530FE67F ...
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate  Length:0x0B50
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  000B4D00059F3082059B30820483A003 ...
*EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
*EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
*EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x028D
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422:     Payload:  0C0002890100FFFFFFFFFFFFFFFFC90F ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange  Length:0x0289
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422:     Payload:  0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x000B
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422:     Payload:  0D00000704030401020000
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request  Length:0x0007
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422:     Payload:  04030401020000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0004
*EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422:     Payload:  0E000000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done  Length:0x0000
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1  Flags:LM  Length:0x03DE
*EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422:     Payload:  160301002A0200002603015F3325EADF ...
*EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x03e8  Type:FAST
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422:     Payload:  C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST  ID:0x 3  Length:0x03e8  Type:FAST
*EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422:     Payload:  C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE  ID:0x 6  Length:0x015c  Type:FAST
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422:     Payload:  810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE  ID:0x 6  Length:0x015c  Type:FAST
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate  Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert  Version:0301  Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  0228
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1  Flags:L  Length:0x0007
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  15030100020228
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x0011  Type:FAST
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  810000000715030100020228
*EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST  ID:0x 7  Length:0x0011  Type:FAST
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422:     Payload:  810000000715030100020228
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
We think that the reason why it didn't work is this part:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
But we aren't sure.
Maybe anyone can help us. Many thanks in advance.
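The `Content:` / `Payload:` line pairs in the debug output above are TLS 1.0 record fragments and can be decoded offline. The following is an added example, not part of the original post and not Cisco tooling: it parses a few lines copied from the log and decodes the CertificateRequest, the client's Certificate message and the alert. The function names are hypothetical, and it assumes one handshake message per record, as in this log.

```python
import re

# Lines copied from the debug output quoted in the post.
SAMPLE_LOG = """\
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x000B
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422:     Payload:  0D00000704030401020000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate  Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert  Version:0301  Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  0228
"""

HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request",
                   14: "server_hello_done", 15: "certificate_verify",
                   16: "client_key_exchange", 20: "finished"}
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 3: "rsa_fixed_dh", 4: "dss_fixed_dh"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate",
                      43: "unsupported_certificate", 44: "certificate_revoked",
                      45: "certificate_expired", 46: "certificate_unknown",
                      47: "illegal_parameter", 48: "unknown_ca"}

DIR_RE = re.compile(r"EAP-FAST-AUTH-(RX|TX)-TLS-RECORD")
CONTENT_RE = re.compile(r"Content:(\w+)\s+Version:[0-9A-Fa-f]{4}\s+Length:0x([0-9A-Fa-f]+)")
PAYLOAD_RE = re.compile(r"Payload:\s+([0-9A-Fa-f]+)(\s+\.\.\.)?\s*$")


def count_certs(body):
    """Count entries in a TLS certificate_list (3-byte total, 3-byte per-cert lengths)."""
    end, pos, count = 3 + int.from_bytes(body[0:3], "big"), 3, 0
    while pos + 3 <= min(end, len(body)):
        pos += 3 + int.from_bytes(body[pos:pos + 3], "big")
        count += 1
    return count


def decode_handshake(frag):
    """Decode one handshake message: 1-byte type, 3-byte length, then the body."""
    msg_type, length = frag[0], int.from_bytes(frag[1:4], "big")
    body = frag[4:4 + length]
    out = {"msg": HANDSHAKE_TYPES.get(msg_type, f"type_{msg_type}")}
    if len(body) != length:
        out["truncated"] = True
    elif msg_type == 11:
        out["cert_count"] = count_certs(body)
    elif msg_type == 13:  # TLS 1.0 layout: certificate_types, then certificate_authorities
        n = body[0]
        out["cert_types"] = [CERT_TYPES.get(t, str(t)) for t in body[1:1 + n]]
        out["ca_names_len"] = int.from_bytes(body[1 + n:3 + n], "big")
    return out


def decode_alert(frag):
    return {"level": ALERT_LEVELS.get(frag[0], str(frag[0])),
            "description": ALERT_DESCRIPTIONS.get(frag[1], str(frag[1]))}


def parse_log(text):
    """Pair each 'Content:' line with the 'Payload:' line that follows it."""
    events, direction, pending = [], None, None
    for line in text.splitlines():
        if (m := DIR_RE.search(line)):
            direction = m.group(1)
        elif (m := CONTENT_RE.search(line)):
            pending = (m.group(1), int(m.group(2), 16))
        elif (m := PAYLOAD_RE.search(line)) and pending:
            (content, length), pending = pending, None
            data = bytes.fromhex(m.group(1))
            if m.group(2) or len(data) != length:
                detail = {"truncated": True}   # the log printed only a prefix
            elif content == "Handshake":
                detail = decode_handshake(data)
            elif content == "Alert":
                detail = decode_alert(data)
            else:
                detail = {}
            events.append({"dir": direction, "content": content, **detail})
    return events


def diagnose(events):
    """Report an empty client certificate list and any fatal alert sent back."""
    findings = []
    for ev in events:
        if ev["dir"] == "RX" and ev.get("msg") == "certificate" and ev.get("cert_count") == 0:
            findings.append("client sent a Certificate message with an empty certificate list")
        if ev["dir"] == "TX" and ev.get("level") == "fatal":
            findings.append(f"controller sent fatal alert: {ev['description']}")
    return findings


if __name__ == "__main__":
    for event in parse_log(SAMPLE_LOG):
        print(event)
    print(diagnose(SAMPLE_LOG and parse_log(SAMPLE_LOG)))
```

Payloads that the debug output cut short with `...` are reported as truncated rather than decoded.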
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.01.18 12:08:18 =~=~=~=~=~=~=~=~=~=~=~=
debug aaa all disable                     debug aaa all enable(Cisco Controller) >
*Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc Audit Session ID added to the mscb: 0a63081e000000994f16a825
*Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: Creating audit session ID (dot1x_aaa_eapresp_supp) and Radius Request
*aaaQueueReader: Jan 18 12:08:21.917: AuthenticationRequest: 0x30b52e90
*aaaQueueReader: Jan 18 12:08:21.917: Callback.....................................0x10b7803c
*aaaQueueReader: Jan 18 12:08:21.917: protocolType.................................0x00140001
*aaaQueueReader: Jan 18 12:08:21.917: proxyState...................................18:3D:A2:0A:EC:BC-02:00
*aaaQueueReader: Jan 18 12:08:21.917: Packet contains 16 AVPs (not shown)
*aaaQueueReader: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc [Error] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*aaaQueueReader: Jan 18 12:08:21.918: 18:3d:a2:0a:ec:bc Returning AAA Error 'No Server' (-7) for mobile 18:3d:a2:0a:ec:bc
*aaaQueueReader: Jan 18 12:08:21.918: AuthorizationResponse: 0x3e04bd08
*aaaQueueReader: Jan 18 12:08:21.918: structureSize................................32
*aaaQueueReader: Jan 18 12:08:21.918: resultCode...................................-7
*aaaQueueReader: Jan 18 12:08:21.918: protocolUsed.................................0xffffffff
*aaaQueueReader: Jan 18 12:08:21.918: proxyState...................................18:3D:A2:0A:EC:BC-02:00
*aaaQueueReader: Jan 18 12:08:21.918: Packet contains 0 AVPs:
*aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: Creating new context
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received context create from lower layer (0x0000013F)
*aaaQueueReader: Jan 18 12:08:21.918: id_manager.c-AUTH-SM: Got new ID 78000041 - id_get
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received credential profile name: "(null)" from LL
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Allocated new EAP context (handle = 0x78000041)
*aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: Created new context eap session handle 78000041
*aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 1) to EAP subsys
*EAP Framework: Jan 18 12:08:21.919: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:21.920: eap_core.c:1484: Code:RESPONSE  ID:0x 1  Length:0x002b  Type:IDENTITY
*EAP Framework: Jan 18 12:08:21.920: eap_core.c:1422:     Payload:  416E6472652E54736368656E74736368 ...
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response type = Identity
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: Received peer identity: [email protected]
*EAP Framework: Jan 18 12:08:21.920: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_USERNAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.920: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.921: LOCAL_AUTH: (EAP) Sending user credential request username '[email protected]' to LDAP
*aaaQueueReader: Jan 18 12:08:21.921: AuthenticationRequest: 0x33a6ae18
*aaaQueueReader: Jan 18 12:08:21.921: Callback.....................................0x10765234
*aaaQueueReader: Jan 18 12:08:21.921: protocolType.................................0x00100002
*aaaQueueReader: Jan 18 12:08:21.921: proxyState...................................18:3D:A2:0A:EC:BC-00:00
*aaaQueueReader: Jan 18 12:08:21.921: Packet contains 2 AVPs (not shown)
*EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
*LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1*LDAP DB Task 1: Jan 18 12:08:21.922: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.925: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP server 1 changed state to CONNECTED
*LDAP DB Task 1: Jan 18 12:08:21.925: disabled LDAP_OPT_REFERRALS*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (base=DC=group,DC=jenoptik,DC=corp, pattern=(&(objectclass=Person)([email protected])))
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
*LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="DC=group,DC=jenoptik,DC=corp" type="Person" attr="userPrincipalName" user="[email protected]" (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (size 76)
*LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
*LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc
*LDAP DB Task 1: Jan 18 12:08:21.927: structureSize................................180*LDAP DB Task 1: Jan 18 12:08:21.927: resultCode...................................0*LDAP DB Task 1: Jan 18 12:08:21.927: protocolUsed.................................0x00000002*LDAP DB Task 1: Jan 18 12:08:21.927: proxyState...................................18:3D:A2:0A:EC:BC-00:00*LDAP DB Task 1: Jan 18 12:08:21.928: Packet contains 2 AVPs:*LDAP DB Task 1: Jan 18 12:08:21.928:     AVP[01] Unknown Attribute 0......................CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (76 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928:     AVP[02] User-Name................................Andre.Tschentscher@group.jenoptik.corp (38 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: [email protected] (0x78000041)
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
*EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
*EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1  Flags:S  Length:0x0014
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422:     Payload:  00040010436973636F00000000000000 ...
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x001a  Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422:     Payload:  2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST  ID:0x 2  Length:0x001a  Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422:     Payload:  2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:21.933: structureSize................................74
*EAP Framework: Jan 18 12:08:21.933: resultCode...................................255
*EAP Framework: Jan 18 12:08:21.933: protocolUsed.................................0x00000080
*EAP Framework: Jan 18 12:08:21.933: proxyState...................................18:3D:A2:0A:EC:BC-02:00
*EAP Framework: Jan 18 12:08:21.934: Packet contains 1 AVPs (not shown)
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE  ID:0x 2  Length:0x0042  Type:FAST
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422:     Payload:  810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE  ID:0x 2  Length:0x0042  Type:FAST
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422:     Payload:  810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile '[email protected]' (username '[email protected]')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : C=DE, ST=Thuringia, L=Jena, O=Jenoptik AG, OU=Jenoptik SSC GmbH, CN=Cisco WLC 1st, [email protected]
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th, 17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
*EAP Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=Jenoptik Certificate Authority
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from '2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
*EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
*EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
*EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0033
*EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422:     Payload:  0100002F03014F16A8262631FC9DC042 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello  Length:0x002F
*EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422:     Payload:  03014F16A8262631FC9DC042253D3E24 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_RSA_WITH_RC4_128_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT:     TLS_DH_anon_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x002A
*EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422:     Payload:  0200002603015F3325EADF12E6296F91 ...
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello  Length:0x0026
*EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422:     Payload:  03015F3325EADF12E6296F91530FE67F ...
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate  Length:0x0B50
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  000B4D00059F3082059B30820483A003 ...
*EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
*EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
*EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x028D
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422:     Payload:  0C0002890100FFFFFFFFFFFFFFFFC90F ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange  Length:0x0289
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422:     Payload:  0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x000B
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422:     Payload:  0D00000704030401020000
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request  Length:0x0007
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422:     Payload:  04030401020000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0004
*EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422:     Payload:  0E000000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done  Length:0x0000
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1  Flags:LM  Length:0x03DE
*EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422:     Payload:  160301002A0200002603015F3325EADF ...
*EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x03e8  Type:FAST
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422:     Payload:  C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST  ID:0x 3  Length:0x03e8  Type:FAST
*EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422:     Payload:  C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.687: structureSize................................1048
*EAP Framework: Jan 18 12:08:22.687: resultCode...................................255
*EAP Framework: Jan 18 12:08:22.687: protocolUsed.................................0x00000080
*EAP Framework: Jan 18 12:08:22.688: proxyState...................................18:3D:A2:0A:EC:BC-02:01
*EAP Framework: Jan 18 12:08:22.688: Packet contains 1 AVPs (not shown)
*EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.700: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 3) to EAP subsys
*EAP Framework: Jan 18 12:08:22.701: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.701: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.702: eap_core.c:1484: Code:RESPONSE  ID:0x 3  Length:0x0006  Type:FAST
*EAP Framework: Jan 18 12:08:22.702: eap_core.c:1422:     Payload:  01
*EAP Framework: Jan 18 12:08:22.702: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.704: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c:138: Version: 1  Flags:M  Length:0x03E2
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422:     Payload:  3A2F2F2F434E3D4A656E6F7074696B25 ...
*EAP Framework: Jan 18 12:08:22.705: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x03e8  Type:FAST
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422:     Payload:  413A2F2F2F434E3D4A656E6F7074696B ...
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.707: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.707: eap_core.c:1484: Code:REQUEST  ID:0x 4  Length:0x03e8  Type:FAST
*EAP Framework: Jan 18 12:08:22.707: eap_core.c:1422:     Payload:  413A2F2F2F434E3D4A656E6F7074696B ...
*EAP Framework: Jan 18 12:08:22.707: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.709: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.709: structureSize................................1048
*EAP Framework: Jan 18 12:08:22.709: resultCode...................................255
*EAP Framework: Jan 18 12:08:22.709: protocolUsed.................................0x00000080
*EAP Framework: Jan 18 12:08:22.710: proxyState...................................18:3D:A2:0A:EC:BC-02:02
*EAP Framework: Jan 18 12:08:22.710: Packet contains 1 AVPs (not shown)
*EAP Framework: Jan 18 12:08:22.710: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.711: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.724: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 4) to EAP subsys
*EAP Framework: Jan 18 12:08:22.724: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.725: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.725: eap_core.c:1484: Code:RESPONSE  ID:0x 4  Length:0x0006  Type:FAST
*EAP Framework: Jan 18 12:08:22.725: eap_core.c:1422:     Payload:  01
*EAP Framework: Jan 18 12:08:22.725: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c:138: Version: 1  Flags:M  Length:0x03E2
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422:     Payload:  BD84CC4BF49A766267DA94429BEBE087 ...
*EAP Framework: Jan 18 12:08:22.728: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x03e8  Type:FAST
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422:     Payload:  41BD84CC4BF49A766267DA94429BEBE0 ...
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.730: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.730: eap_core.c:1484: Code:REQUEST  ID:0x 5  Length:0x03e8  Type:FAST
*EAP Framework: Jan 18 12:08:22.730: eap_core.c:1422:     Payload:  41BD84CC4BF49A766267DA94429BEBE0 ...
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.731: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.732: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.732: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.732: structureSize................................1048
*EAP Framework: Jan 18 12:08:22.732: resultCode...................................255
*EAP Framework: Jan 18 12:08:22.733: protocolUsed.................................0x00000080
*EAP Framework: Jan 18 12:08:22.733: proxyState...................................18:3D:A2:0A:EC:BC-02:03
*EAP Framework: Jan 18 12:08:22.733: Packet contains 1 AVPs (not shown)
*EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.746: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 5) to EAP subsys
*EAP Framework: Jan 18 12:08:22.747: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.747: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.748: eap_core.c:1484: Code:RESPONSE  ID:0x 5  Length:0x0006  Type:FAST
*EAP Framework: Jan 18 12:08:22.748: eap_core.c:1422:     Payload:  01
*EAP Framework: Jan 18 12:08:22.748: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.750: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c:138: Version: 1  Flags:  Length:0x0291
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422:     Payload:  34C4C6628B80DC1CD129024E088A67CC ...
*EAP Framework: Jan 18 12:08:22.751: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x0297  Type:FAST
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422:     Payload:  0134C4C6628B80DC1CD129024E088A67 ...
*EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.752: eap_core.c:1484: Code:REQUEST  ID:0x 6  Length:0x0297  Type:FAST
*EAP Framework: Jan 18 12:08:22.752: eap_core.c:1422:     Payload:  0134C4C6628B80DC1CD129024E088A67 ...
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.754: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.754: structureSize................................711
*EAP Framework: Jan 18 12:08:22.754: resultCode...................................255
*EAP Framework: Jan 18 12:08:22.754: protocolUsed.................................0x00000080
*EAP Framework: Jan 18 12:08:22.754: proxyState...................................18:3D:A2:0A:EC:BC-02:04
*EAP Framework: Jan 18 12:08:22.754: Packet contains 1 AVPs (not shown)
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE  ID:0x 6  Length:0x015c  Type:FAST
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422:     Payload:  810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE  ID:0x 6  Length:0x015c  Type:FAST
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate  Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert  Version:0301  Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  0228
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1  Flags:L  Length:0x0007
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  15030100020228
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x0011  Type:FAST
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  810000000715030100020228
*EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST  ID:0x 7  Length:0x0011  Type:FAST
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422:     Payload:  810000000715030100020228
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.834: structureSize................................65
*EAP Framework: Jan 18 12:08:22.834: resultCode...................................255
*EAP Framework: Jan 18 12:08:22.835: protocolUsed.................................0x00000080
*EAP Framework: Jan 18 12:08:22.835: proxyState...................................18:3D:A2:0A:EC:BC-02:05
*EAP Framework: Jan 18 12:08:22.835: Packet contains 1 AVPs (not shown)
*EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 11
*EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 7) to EAP subsys
*EAP Framework: Jan 18 12:08:22.838: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.839: eap_core.c:1484: Code:RESPONSE  ID:0x 7  Length:0x0006  Type:FAST
*EAP Framework: Jan 18 12:08:22.839: eap_core.c:1422:     Payload:  01
*EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.840: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.840: eap_core.c:1484: Code:RESPONSE  ID:0x 7  Length:0x0006  Type:FAST
*EAP Framework: Jan 18 12:08:22.840: eap_core.c:1422:     Payload:  01
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Received ACK from peer
*EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method state: Done
*EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Received get canned status from lower layer (0x78000041)
*EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Sending method directive 'Free Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.840: eap_fast.c-EVENT: Free context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.840: id_manager.c-AUTH-SM: Entry deleted fine id f700000e - id_delete
*EAP Framework: Jan 18 12:08:22.840: IOS_PKI_SHIM: Session 0x335ee108 deleted
*EAP Framework: Jan 18 12:08:2

Now we found the reason.
The WLC doesn't work with the Sub CA respectively with chain certificates for device authentication.
"Support for Chained Certificate
In controller versions earlier than 5.1.151.0, web authentication  certificates can be only device certificates and should not contain the  CA roots chained to the device certificate (no chained certificates).
With controller version 5.1.151.0 and later, the controller allows  for the device certificate to be downloaded as a chained certificate for  web authentication.
Certificate Levels
Level 0—Use of only a server certificate on WLC.
Level 1—Use of server certificate on WLC and a CA root certificate.
Level 2—Use of server certificate on WLC, one single CA intermediate certificate, and a CA root certificate.
Level 3—Use of server certificate on WLC, two CA intermediate certificates, and a CA root certificate.
WLC does not support chained certificates more than 10KB size on the WLC.
Note: Chained certificates are supported for web authentication only; they are not supported for the management certificate."
So the WLC can't decode the peer certificate.
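
Added example, not part of the original post and not Cisco code: a small Python parser for the `EAP-FAST-AUTH-RX/TX-TLS-RECORD` lines of the debug output above that decodes the TLS Certificate and Alert payloads. The sample lines are copied from the log in the post; function and field names are illustrative assumptions.

```python
import re

# Lines copied from the WLC debug output quoted in the post: the WLC's
# Certificate message, the client's Certificate message, and the WLC's alert.
SAMPLE_LOG = """\
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate  Length:0x0B50
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  000B4D00059F3082059B30820483A003 ...
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate  Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert  Version:0301  Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  0228
""".splitlines()

HANDSHAKE_CERTIFICATE = 11  # TLS HandshakeType "certificate"
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {  # subset of the TLS AlertDescription registry
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error",
}

DIR_RE = re.compile(r"EAP-FAST-AUTH-(RX|TX)-TLS-RECORD:")
CONTENT_RE = re.compile(
    r"Content:(\w+)\s+Version:([0-9A-Fa-f]{4})\s+Length:0x([0-9A-Fa-f]+)")
PAYLOAD_RE = re.compile(r"Payload:\s+((?:[0-9A-Fa-f]{2})+)\s*(\.\.\.)?\s*$")


def extract_records(lines):
    """Collect one entry per TLS record: direction, content type, payload.

    Only the first Payload line after a Content line is used; the log prints
    at most 16 bytes and marks longer payloads with a trailing '...'.
    """
    records, direction, pending = [], None, None
    for line in lines:
        m = DIR_RE.search(line)
        if m:
            direction, pending = m.group(1), None
            continue
        m = CONTENT_RE.search(line)
        if m and direction:
            pending = {"dir": direction, "content": m.group(1),
                       "length": int(m.group(3), 16)}
            direction = None
            continue
        m = PAYLOAD_RE.search(line)
        if m and pending:
            pending["data"] = bytes.fromhex(m.group(1))
            pending["truncated"] = m.group(2) is not None
            records.append(pending)
            pending = None
    return records


def certificate_summary(rec):
    """Return (certificate_list length, cert count) or None if not a Certificate.

    Layout: type(1) msg_len(3) list_len(3) then [cert_len(3) cert]*.
    The count is None when the log truncated the payload.
    """
    data = rec["data"]
    if rec["content"] != "Handshake" or len(data) < 7:
        return None
    if data[0] != HANDSHAKE_CERTIFICATE:
        return None
    list_len = int.from_bytes(data[4:7], "big")
    if rec["truncated"]:
        return list_len, None
    count, pos, end = 0, 7, min(7 + list_len, len(data))
    while pos + 3 <= end:
        pos += 3 + int.from_bytes(data[pos:pos + 3], "big")
        count += 1
    return list_len, count


def alert_summary(rec):
    """Return (level, description) names for an Alert record, else None."""
    data = rec["data"]
    if rec["content"] != "Alert" or len(data) < 2:
        return None
    return (ALERT_LEVELS.get(data[0], hex(data[0])),
            ALERT_DESCRIPTIONS.get(data[1], hex(data[1])))


def diagnose(lines):
    """Return findings as tuples, in log order (RX = from client, TX = from WLC)."""
    findings = []
    for rec in extract_records(lines):
        cert = certificate_summary(rec)
        if cert is not None:
            findings.append(("certificate", rec["dir"], cert[0], cert[1]))
        alert = alert_summary(rec)
        if alert is not None:
            findings.append(("alert", rec["dir"], alert[0], alert[1]))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

An `RX` certificate entry with list length 0 means the client sent a Certificate message containing no certificates, which is the condition the WLC logs as "Client Certificate handshake empty" before it sends the `0228` alert.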

Similar Messages

  • Link Problem with port 2 in WLC 4402

    Hi,
    I have a problem with port 2 on a Wireless LAN Controller 4402. The problem is that distribution port 2 of the WLC does not link with the switch (3750). We received the WLC, followed the autostart wizard and enabled LAG. The wizard finished, I restarted the system and everything worked fine. The two distribution ports of the WLC, 1 and 2, appeared UP and the LAG worked correctly. After this we upgraded the firmware of the WLC to the version AIR-WLC4400-k9-6-0-182-0.aes and restarted the system again, but this time port 2 does not link and port 1 links OK. We do not know the reason why port 2 doesn't link. Could you help me?
    Thanks in advance.
    Regards.

    Does it properly refuse authentication ? Or does the login page stop appearing or something ?
    There was a bug with the webauth dying under heavy load, regardless of number of identical accounts used.
    One good way for you to check would be, when problem occurs, to create a second backup guest user and see if that would start working. If it doesn't, the account is not the problem.
    I'm not aware of any maximum of usage of the same account.
    Which 4.2 exactly are you running?

  • Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

    I would love some help with this issue. I have configured my SharePoint Foundation 2010 site to use Claims Based Auth with the Certificate authentication method with ADFS 2.0. I have a test account set up with lab.acme.com to use the ACS.
    When I log into my site using Windows Auth, everything is great. However, when I log in and select my ACS token issuer, I get sent to the logon page of the ADFS after selecting the ADFS method. My browser prompts me for which certificate identity I want to use to log in, and after 3-5 seconds it returns me to the logon page with the error message “Authentication failed”.
    I based my setup on the TechNet article
    http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
    I validated that all my certificates are valid and able to retrieve the CRL.
    I got event log ID 300:
    The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
    Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
    Additional Data
    Exception details:
    Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
    ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
    correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    --- End of inner exception stack trace ---
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
    serializationContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
    trustNamespace, AsyncCallback callback, Object state)
    System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
    failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    thx
    Stef71

    This is perfectly correct. In my case I was not adding the root properly; you must add the CA and the ADFS as well, which means twice, as you can see in my results below.
    In my case it was:
    PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\cer\SP2K10\ad0001.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
    Certificate                 : [Subject]
                                    CN=domain.AD0001CA, DC=domain, DC=com
                                  [Issuer]
                                    CN=domain.AD0001CA, DC=portal, DC=com
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    22/07/2014 11:32:05
                                  [Not After]
                                    22/07/2024 11:42:00
                                  [Thumbprint]
                                    blablabla
    Name                        : domain.ad0001
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : domain.ad0001
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17164
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\cer\SP2K10\ADFS_Signing.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
    Certificate                 : [Subject]
                                    CN=ADFS Signing - adfs.domain
                                  [Issuer]
                                    CN=ADFS Signing - adfs.domain
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    23/07/2014 07:14:03
                                  [Not After]
                                    23/07/2015 07:14:03
                                  [Thumbprint]
                                    blablabla
    Name                        : Token Signing Cert
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : Token Signing Cert
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17184
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.PORTAL>

  • Windows 7 Home Premium with 802.1x problems with the Authentication

    We have problems with 802.1x on Windows 7 Home Premium; the message in ACS is:
    EAP-TLS or PEAP authentication failed during SSL handshake
    ACS v4.1
    We also have Windows 7 Professional, which doesn't have problems with the authentication.
    I hope that you can help me
    Regards

    We investigated with Windows specialists and the conclusion was that the Home Premium version has restrictions regarding authentication and domain (Active Directory). So we need to change the OS version (Professional, for example).
    If you have another tip, please tell me and I will try it to resolve this issue; if not, we have to change the OS.
    Regards

  • What does this statement mean: "There is a problem with your authentication, possibly due to inactivity. For your safety, you have been logged out and must sign in again to continue?"

    I am able to make it to the site for about 2 seconds and then I am quickly logged off and the statement, "There is a problem with your authentication, possibly due to inactivity. For your safety, you have been logged out and must sign in again to continue."
    I don't have a clue as to the problem but since this is impacting my participation in these classes and ultimately could have a negative impact on my grade, I am more than a little concerned!

    Have you allowed this site to set cookies?

  • Can't sign adobe html5 extension - problem with certificate

    1. I want to package my html extension for photoshop CC.
    2. I have tried to use ZXPSignCmd to build and sign extension package.
    3. For self-signed certificate it works.
    4. Now we bought root signed certificate from GlobalSign but ZXPSignCmd fails when we try to use it:
    Output from ZXPSignCmd:
    Unable to build a valid certificate chain. Please make sure that all certificates are included in the certificate file.
    We are sure that our certificate & password are correct (inside .p12 file we have 3 certs - root, intermediate and ours).
    We tried to use Adobe packaging tools: Configurator / Packager and each of them returns error that there is a problem with certificate. On the other side I was able to use ucf.jar to package another plugin with our certificate - so certificate is correct I guess.
    How we can package HTML5 Extension with manifest.xml and sign it with our certificate for Photoshop CC?
    We are trying to solve this for few hours so far but nothing seems to work...
    Please help.

    I know this is a late reply, but I thought I would chime in as I was getting the same "Unable to build a valid certificate chain. Please make sure that all certificates are included in the certificate file." error with our new Comodo code signing certificate.
    I originally received the code-signing certificate from Comodo as a .p7s file by downloading it from Comodo using Safari on Mac OS X Mavericks. I then imported it into Keychain Access (KA) by double-clicking the .p7s file after it was downloaded. From KA, I selected all of the certificates in the chain (by command-clicking each cert) and then exported them as single .p12 file.
    When using the KA-generated .p12 file I got the "certificate chain" error when using the ZXPSignCmd or ucf.jar tool. After way too many hours of head scratching, I decided to import the .p12 file created from KA into Firefox on Mac (v33.0.2) and re-export it from there. To import the .p12 into Firefox go to the import dialog: Firefox > Preferences > Advanced > Certificates Tab > View Certificates Button > Your Certificates Tab > Import Button. Once imported, export it back out as a .p12 file using the "Backup" button in the same dialog box. Yes, you are importing the .p12 just to re-export it as a .p12!
    Using the Firefox-created .p12 works without error when using ZXPSignCmd and ucf.jar. I don't know if this is a Keychain Access issue or if Adobe is just picky about how the .p12 file is created, but having Firefox do the .p12 creation worked for me.
    I hope this helps!
    -- Jim Birkenseer
    www.premediasystems.com

  • WCF service setup with certificate authentication error

    I have a WCF service set up and I need to use a certificate with it, and I am getting numerous errors when I attempt to browse it. The first error I get is "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."
    This sounds like a straightforward error message, and setting the authentication method in IIS to anonymous resolves being able to browse the service. But I need to use a certificate, and setting authentication to anonymous is obviously not right since we only want those with the proper certificate to access the service. I have all authentication methods in IIS set to disabled when I get the above error message. I have the SSL settings in IIS for the service set to require a certificate as well. I am using IIS 8.5.
    Here is my config file, in the hope that someone can point me in the correct direction. The service should only work over HTTPS since we are using a certificate, and I need the metadata exposed as well, hence the mexHttpBinding. I have searched the web but no solution is working. Any help is appreciated.
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <configSections>
        <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
          <section name="HEALookupProxy.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
        </sectionGroup>
      </configSections>
      <appSettings>
        <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
      </appSettings>
      <system.web>
        <compilation targetFramework="4.5.1" />
        <httpRuntime targetFramework="4.5.1" />
        <authentication mode="None"></authentication>
      </system.web>
      <system.serviceModel>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true">
          <baseAddressPrefixFilters >
            <add prefix="https"/>
          </baseAddressPrefixFilters>
        </serviceHostingEnvironment>
        <services>
          <service name="HEALookupProxy.HEALookupService" behaviorConfiguration="HEALookupServiceBehavior">
            <endpoint address="" binding="wsHttpBinding" contract="HEALookupProxy.IHEALookupService" bindingConfiguration="HEALookupConfig" />
            <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
          </service>
        </services>
        <bindings>
          <wsHttpBinding>
            <binding name="HEALookupConfig">
              <security mode="TransportWithMessageCredential">
                <transport clientCredentialType="Certificate"/>
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior name="HEALookupServiceBehavior">
              <serviceMetadata httpsGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="false" />
              <serviceCredentials>
                <serviceCertificate x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" findValue="certnameremoved" />
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true" />
        <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
        -->
        <directoryBrowse enabled="false" />
        <security>
          <authorization>
            <remove users="*" roles="" verbs="" />
            <add accessType="Allow" users="user1, user2" />
          </authorization>
        </security>
      </system.webServer>
    </configuration>

    Hi spark29er,
    >>The service should only work over HTTPS since we are using a certificate and I need the meta data exposed as well hence the mexHttpBinding.
    For creating the HTTPS WCF service, first please change the mexHttpBinding to mexHttpsBinding as following:
    <endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />
    For more information, please try to refer to:
    #Seven simple steps to enable HTTPS on WCF WsHttp bindings:
    http://www.codeproject.com/Articles/36705/simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi .
    Then please try to check the following article about how to do the certificate authentication on HTTPS WCF Service:
    http://blogs.msdn.com/b/imayak/archive/2008/09/12/wcf-2-way-ssl-security-using-certificates.aspx .
    Besides, setting the includeExceptionDetailInFaults as false can give us more detailed error information.
    Best Regards,
    Amy Peng

  • AP 2700 - 2 MAC addresses - problem with joining to the WLC

    Hi,
    I had a problem with joining my new AP 2700 to the controller. I've found a workaround but I would like to ask if you know whether this behavior is some kind of bug or maybe a feature :)
    I have a DHCP server which assigns IP addresses based on a binding between MAC address and IP address. Without a binding, no IP is assigned, so I added the MAC address from the AP sticker (the MAC and SN number are on the sticker at the back of each AP) to the DHCP server, connected the AP to a switch port which was configured exactly the same way as the other ports on this switch where older APs are working fine and.... nothing. No IP address was assigned. There was no DHCP request in the DHCP server logs.
    During the investigation I've found that AP present 2 MAC addresses on the switch interface:
    switch#sh mac address-table interface fa1/1
    Mac Address Table
    Vlan Mac Address Type Ports
    11 58f3.54c1.2cb3 DYNAMIC Fa1/1
    11 58f3.54c1.2cb4 DYNAMIC Fa1/1
    The first one (58f3.54c1.2cb3) is the "sticker" MAC address but the second one (58f3.54c1.2cb4) is something new. Looking into the DHCP logs I found a log entry showing that this second MAC address (58f3.54c1.2cb4) tried to get an IP address, but it was not possible because this MAC was not bound to any IP address, so the DHCP server refused. I added this second MAC (58f3.54c1.2cb4) to the DHCP server; the AP got an IP address, joined the WLC, downloaded software, rebooted and ... this MAC address disappeared.
    switch#sh mac address-table interface fa1/1
    Mac Address Table
    Vlan Mac Address Type Ports
    11 58f3.54c1.2cb3 DYNAMIC Fa1/1
    Software I had on the AP before joining to the WLC was:
    Version :
    Cisco IOS Software, C2700 Software (AP3G2-RCVK9W8-M), Version 15.2(4)JB5, RELEASE SOFTWARE (fc1)
    now I have (after downloaded from the WLC)
    Version :
    Cisco IOS Software, C2700 Software (AP3G2-K9W8-M), Version 15.2(4)JB6, RELEASE SOFTWARE (fc1)
    Does anyone know what happened?

    (WLC1) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.95.16
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... WLC1
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. Disabled
    IP Address....................................... 10.10.10.10
    Last Reset....................................... Software reset
    System Up Time................................... 25 days 2 hrs 53 mins 5 secs
    System Timezone Location.........................
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... US - United States
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +44 C
    External Temperature............................. +22 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Disabled
    Number of WLANs.................................. 6
    Number of Active Clients......................... 25
    Burned-in MAC Address............................ XX:XX:XX:XX:XX:XX
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Present, OK
    Maximum number of APs supported.................. 25
    (WLC1) >show time
    Time............................................. Thu Apr 9 13:51:00 2015
    Timezone delta................................... 0:0
    Timezone location................................
    NTP Servers
    NTP Polling Interval......................... 3600
    Index NTP Key Index NTP Server NTP Msg Auth Status
    1 0 10.10.10.11 AUTH DISABLED
    It looks like the AP doesn't allow console login or commands; it only shows activity. After rebooting the WLC I get this information:
    Cisco IOS Software, C2700 Software (AP3G2-RCVK9W8-M), Version 15.2(4)JB5, RELEASE SOFTWARE (fc1)

  • Problem with forms authentication in OWA

    Hi
    I have a problem with exchange 2013 standard
    When I enable forms authentication on OWA, after logging in I get a 404 file not found error.
    Forms authentication works fine on ECP.
    I noticed that the login URL has a ReturnUrl on the query string which is double URL encoded, i.e. I am getting
    https://centaur.patriot.local/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fcentaur.patriot.local%2fowa%2flogin.aspx%3fReturnUrl%3d%252fowa%252f%253fbO%253d1%26bO%3d1
    If I unescape the ReturnUrl and put that in the browser (like the following), it works:
    https://centaur.patriot.local/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fcentaur.patriot.local%2fowa%2flogin.aspx%3fReturnUrl=/owa/?bO=1&bO=1
    So either IIS is redirecting twice or the redirect url is incorrect.
    Any ideas on how to fix this?

    Hello,
    You're right. The issue is related to IIS.
    If you do not want IIS to allow double-encoded requests to be served, please set the allowDoubleEscaping value to false to check the result.
    -Encoded Requests" section in the following article:
    http://www.iis.net/learn/manage/configuring-security/use-request-filtering
    If the settings don't work, I recommend you post your issue to iis forum.
    http://forums.iis.net/
    Cara Chen
    TechNet Community Support
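The double encoding discussed in this thread, as an added example that is not part of the original posts: it reports query values that still contain %XX escapes after one decode and walks nested URL parameters to show at which depth ReturnUrl sits, using the two URLs from the question as input. The function names are this example's own, and it models the encoding only, not how IIS evaluates a request.

```python
import re
from urllib.parse import urlsplit, unquote

ESCAPE_RE = re.compile(r"%[0-9A-Fa-f]{2}")
URL_LIKE_RE = re.compile(r"(?i)^(https?://|/)")

# The two URLs quoted in the question above.
URL_SEEN = ("https://centaur.patriot.local/owa/auth/logon.aspx?replaceCurrent=1"
            "&url=https%3a%2f%2fcentaur.patriot.local%2fowa%2flogin.aspx"
            "%3fReturnUrl%3d%252fowa%252f%253fbO%253d1%26bO%3d1")
URL_MANUAL = ("https://centaur.patriot.local/owa/auth/logon.aspx?replaceCurrent=1"
              "&url=https%3a%2f%2fcentaur.patriot.local%2fowa%2flogin.aspx"
              "%3fReturnUrl=/owa/?bO=1&bO=1")


def raw_params(url):
    """Yield (name, value) pairs from the query string WITHOUT decoding them."""
    for pair in urlsplit(url).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            yield name, value


def double_escaped(url):
    """Return (name, decoded_once, decoded_twice) for every query value that
    still contains a %XX escape after a single percent-decode."""
    findings = []
    for name, raw in raw_params(url):
        once = unquote(raw)
        if ESCAPE_RE.search(once):
            findings.append((name, once, unquote(once)))
    return findings


def walk(url, depth=1, path=()):
    """Yield (path, depth, decoded_value) for each parameter, descending into
    values that are themselves URLs or absolute paths."""
    for name, raw in raw_params(url):
        value = unquote(raw)
        here = path + (name,)
        yield here, depth, value
        if URL_LIKE_RE.match(value) and "?" in value:
            yield from walk(value, depth + 1, here)


if __name__ == "__main__":
    for label, url in (("seen", URL_SEEN), ("manual", URL_MANUAL)):
        print(label, "double-escaped values:", [f[0] for f in double_escaped(url)])
    for path, depth, value in walk(URL_SEEN):
        print("depth", depth, "/".join(path), "=", value)
```

ReturnUrl sits two URLs deep, so its escapes arrive encoded twice (`%252f`) in the outer `url` value; that is the pattern the first function reports.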

  • Problem with SQL Authenticator and SOA EM console.

    Hi,
    In my project, I need to authenticate USERS from database tables. To achieve this I defined a SQL Authenticator inside the WebLogic admin console. But the problem is that after this, when I log in to the EM console of SOA, the home page shows all deployments in the DOWN state, including SOA-INFRA. But I am able to deploy a BPEL project and execute it normally. Why is the EM console showing all deployments and soa-infra as down?
    Thanks,
    Naga.
    Edited by: 984573 on Feb 5, 2013 9:56 PM

    Hi Anuj & Nicolas,
    Thanks for your reply.
    Really a wonder, I found the solution. This is a problem with the order of the Authentication providers. If I put the "SQL Authenticator" at the top of the order, as the first item in the list, then I face the above error in the EM console. Now I have re-ordered the "SQL Authenticator" and keep it last in the list. Now the SOA EM console is working fine. I really do not understand what the significance of the order of the Authentication providers is.
    Thanks for your help.
    Regards,
    Naga.

  • Problems with custom authentication when migrating from 3.2 to 4.1.1

    Hi,
    we're about to upgrade our APEX instances to 4.1.1 and to migrate our applications. I encountered some problems with our custom authentication scheme.
    1. Recognize already authenticated sessions: in 3.2 the sentry function could return false as long as the user was not authenticated. Public pages could still be displayed (including the login page). The function apex_custom_auth.is_session_valid returned false until the sentry function once returned true. How can I recognize non-authenticated sessions in 4.1.1? I looked for the test that the condition "User is the public user (user has not authenticated)" computes on a page but didn't find the right one. It's not what the documentation states here (comparison with the public user): http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/condition001.htm#HTMDB25943. I replaced the test with p_authentication.username = 'nobody'. It works. But that doesn't seem to me to be the right way …
    2. Post_logout lacks session context: the Post Logout Procedure does not receive a session_id and username. Neither V('APP_SESSION') nor p_authentication.session_id is set. This applies to both plugin authentication schemes and non-plugin custom authentication schemes. Is there another way to obtain the logged-out session's info or is this a bug?
    See apex.oracle.com for a demo, workspace WS_MW, gast/gast. Can someone please guide me the way?
    Michael

    Hello again,
    there are no replies until now .... I reviewed some posts regarding custom authentication again and did not find any solution for the issues. Found some that worked with APEX 3.2.1 but not with 4.1.1. I can only work around
    1.) in an insecure way, because the non documented (?) user "nobody" can change and all new sessions will be considered authenticated
    2.) in a way, that ends up in implementing the logout from the non apex environment outside the authentication schema or authentication plugin.
    Maybe I should contact support for at least the second issue because this doesn't work as documented, or am I doing something wrong?
    Michael

  • Problems with Anonymous authentication !!

    Hi All,
    I hope this is the right forum to ask about my problem. Also, I would like to say that I don't have any knowledge of Java.
    Our problem is
    1. We are using Java SSL as server and OpenSSL as client.
    2. For server authentication, the connection is successful.
    3. But for Anonymous authentication, the connection fails in read server hello.
    I am not sure why this connection is failing. I have referred to client log file but did not get any information to solve the problem.
    I don't know how to check log information on the server side, if it provides any.
    Our settings are like this in server.xml for server side :
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="false"
    clientAuth="false" sslProtocol="TLS" />
    Please let me know whether above settings are OK for Anonymous authentication or not.
    If above settings are OK, please let me know how can I debug into the problem.
    Server is being run with TomCat.
    As I am not familiar with Java, maybe I did not provide enough details.
    You may think that if I am not familiar, why I am posting ? :) I am supporting some other project team for SSL. So, we have faced this problem. I am familiar with SSL but not Java.
    Please let me know if you need any further details.
    Thank you very much !
    Regards
    Satish.

    >>3. But for Anonymous authentication
    Anonymous authentication is a contradiction in terms. What you are doing is anonymous SSL, i.e. with no authentication.
    >>the connection fails in read server hello.
    Fails how? With what exception? stack trace? message? What happens if you run the server with -Djavax.net.debug=ssl,handshake?
    >>Please let me know whether above settings are OK for Anonymous authentication or not.
    They are not. You would have to enable one or more of the anonymous cipher suites. They are disabled by default.
    Next question, why are you doing anonymous SSL? Are you aware that it isn't secure?

  • Sender file Adapter, problem with proxy authentication

    HI all,
    I'm having some problems with the following scenario: I need to configure a sender file adapter which connects to an FTP server. To connect to this FTP server I need to set a proxy (and so a username and a password), and I don't know how to do it.
    From note 821267 it seems that a proxy is not supported for an FTP adapter, but there are some workarounds like the ones described in the following link
    Re: Proxy server in FTP adapter
    http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=57137
    They don't work in my case as I need to set two usernames (the one for the proxy and the one for the FTP server) and I cannot force the proxy use for all XI applications.
    Can anyone help me?
    Thanks a lot
    Aldo

    Proxy is necessary to exit the customer local intranet. It's not possible to go outside network without going through the proxy server.
    I cannot set the proxy server in the file adapter as it's not supported, as described in the SAP note. A possible workaround is to force the proxy server in the J2EE stack, but in this way all PI calls would use that proxy.

  • IOS 6.0.1 - Problems with certificate based authentication on wireless access point

    Hi all
    We are using iPad 2 as order terminals in our shops for about 5 months. Some of the iPads (the first who entered the field) started to cause problems now. These iPads are no longer able to keep long-term connection to the wireless access point in our stores. After selecting the SSID a successful authentication using the stored EAP-TLS certificate is performed (this can be seen in the log files of our wireless controller and by the IP adress that is given by DHCP). But within seconds the affected iPads opening up a captive portal page (empty, without contents) and separates the connection to the SSID after a short time again.
    Affected are currently only iPads 2 with iOS 6.0.1, which were staged about 5 months ago. The newer devices with iOS 6.1+ connect without problems and open no captive portal page. The first cases occurred on the last Wednesday. Before that everything worked without difficulty. No modifications took place on the security structure.  The numbers of affected devices increased until all iOS 6.0.1 were affected.
    Access to other SSIDs (without use of certificates, by entering a key) for the devices is still possible (the devices does not open an captive portal page). The DHCP scope is not used up, so there are enough IP addresses available.
    "Newer iPads" with an iOS of 6.1+ are are showing no problems on the same wireless access point, where the older devices are rejected. New and old devices use the same certificates and authentication mechanisms.
    In the analysis of the issue, it turned out that  the problem can be solved by an update to iOS 6.1.3. Subsequently, the iPads will be able to rebuild a connection with the access point, without a captive portal page.
    Since the bandwidth is very narrow dimensioned in our stores, the communication of the iPads was severely restricted. Thus, the iPads are for exampleare accessible for the APNS but can not find iOS updates or check for their availability.
    A comprehensive update to iOS 6.1.3 is currently excluded.
    Does anyone know this issue? What else can be done (apart from updating)?

    I will answer my own question in case it helps anyone else.
    It would "seem" the iOS 6 devices try the proxy and if that is not working they resort to the def gateway.
    To fix it I did the following:
    Brocade WIFI network has IPS and Advanced Firewall rules that seemed to be thwarting some traffic, the iPhones would then try the default gateway and be blocked at the FW.
    I disabled the IPS and the Advanced Firewall Settings on the wifi as they are redundant to our main IPS and firewall that all traffic flows through anyway. I will tune it later, but when the CEO is demanding a fix "**** the security, full speed ahead"
    Created some rules on the firewall to allow...
    - IMAP-SSL (port 993) outbound
    - SMTPS (port 465) to yahoo servers outbound
    - tcp port 587 to yahoo servers outbound
    - https to akamai servers
    Most http and https goes through the proxy as it should, BUT...
    It seems that the akamai traffic always ignores the wifi proxy settings and just heads straight for the default gateway. I suspect there is a bug in the iCloud app?
    Hope this helps someone else.
    -Bo

  • Problems with re authentications in a wireless with WLC working with web authentication and a radius server

    Hi everyone, I'm having problems in a wireless network. The SSID has security layer 2 WPA, layer 3 web authentication (internal default page), and external RADIUS.
    When a client roams from one AP to another or when he has an idle time, he needs to re-authenticate in the web login page. Does somebody know a solution to avoid this behavior? Or does somebody have a troubleshooting way to determine why the clients have these problems?

    A few things I can share that might help... Your actual feet on the ground will be important to see this issue for yourself.
    I know when a client or if the AP sends a DEAUTH frame the client will need to reestablish its connection and it will 100% of the time require a new web auth. If a client loses connection while roaming and a DEAUTH is sent on either side you will get the page. If your client isn't roaming cleanly this can be a problem.
    Another problem is you're using EAP. Are you using CCK or a device that supports OKC? What does your radius server say when a client roams?
    You could also simplify your config and then reapply your security and see where it breaks. By this I mean: for testing, create an SSID, turn off security and leave layer 3 web auth on. Roam and see what happens. If it works, then start to apply the security and see where it breaks.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    "I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
