Blackberry Z10/Q10 - WPA2 PEAP MSCHAPv2 RADIUS failure

Similar Messages

• BlackBerry Z10/Q10 - contacts stop synching or updating (both ways from device and MS Outlook)

  Hi folks,
  Hopefully somebody can shed some light on this issue we are starting to see more and more at work.
  Are users are connected to the BDS10 server.   When they activate the device they are using the Work Account option.
  The issues are everything works excepts Contacts.   When they initially activate the device the contacts may or may not come over to device.   May or may not work accordingly with the updates from outlook and the device.   Then out of nowhere the synching and updating may stop.
  I have tried everything i can think of with the user:
  moved contacts into a sub-folder
  exported contacts to .csv and then re-import to possibly eliminate a bad entry
  delete and recreate the workspace
  delete and readd on the BDS10 and then delete and recreate the workspace
  guided the user to the old BB Article:
  http://btsc.webapps.blackberry.com/btsc/viewdocument.do?noCount=true&externalId=KB10009&sliceId=2&cm...
  Some databases failed to synchronize: Address book
  If the above error occurs, please follow the below checklist
  1)  Ensure that at least one of the following fields for the contact is populated(not blank)
       First Name
       Last Name
       Company Name
  2)  Check that there are no special characters within the BlackBerry smartphone Address Book, IBM Lotus Notes address book, or Microsoft Outlook contact
  Special characters include: () # $ @ ! & % " - , ^ " ; ,
  NOTE: these users have 800 or more contacts, one user has 3093 contacts!
  NOTE: these users stated they NEVER had this problem with THEIR OLD BB DEVICES!
  NOTE: our company is using MS Exchange 2003 ActiveSync in relation to user's mail store.
  Any help would be appreciated!

  Outlook/BB contact syncing seems broken. I have around 50 contacts and it couldn't sync those properly either. i was getting duplicates each time the device was restarted.
  The best way to sync contacts on a Z10/Q10 is to add the contacts directly to your mail box. I added all my contacts to me @live.com address book and my Q10 pulled those contacts just fine.

• Machine authentication on WPA2 PEAP-MSCHAPv2 wireless network

  Is there anyway to setup machine authentication on Leopard or Snow Leopard associating the device to a WPA2 Enterprise wireless network using PEAP with MSCHAPv2

  In Snow Leopard open Network preferences and select the Airport port then click on the Advanced button. Click on the 802.1X tab where you should find what you want.

• BlackBerry Z10 - Address Book SMS/Email Distribution List

  Will the BlackBerry Z10/Q10 have available the Address Book SMS and Email Distribution List's feature as it did with its predecessors?  This feature is built into the Address Book and does not sync with Outlook.

  I can't believe there is no distribution list on the new blackberry 10 system. I use distribution lists every day. This may be a deal breaker for this phone. Why not support something so simple?

• Can we still use PEAP-MSCHAPV2 for authenticating to a WPA2-Enterprise network?

  L.S,
  For authenticating to a BYOD wireless network a lot of companies use WPA2-Enterprise connected to a Microsoft IAS/NPS server to authenticate against Active Directory. There seems to be a way to intercept this wireless traffic using a roque accesspoint using the same (company) SSID-name and tools like freeradius-WPE and cloudcracker.
  If the BYOD client doesn't check the certificate provided by the fake radius server, the MSCHAPv2-negotiation can be discovered and the hacker will get the username AND hashed password which can be lookup'd by rainbow tables sites like cloudcracker.
  Is there still a safe way to deploy AD-authentication to BYOD clients?
  Kind Regards,
  Arjen

  I have tested the WPA2-enterprise/PEAP-MSCHAPv2 exploit this week placing a laptop in my car on the company parking lot with a Kali image, using hostap and freeradius-wpe configured with the company SSID. It was very easy to find out the mschapv2 challenge/responses of a number of android/windows phones that there just walking past my car. Also iPhone has a bad WPA2-enterprise implementation (see: http://research.edm.uhasselt.be/~bbonne/docs/robyns14wpa2enterprise.pdf), so bye bye WPA2-enterprise/PEAP-MSCHAPv2.
  Wonder what other (large) companies are using for their BYOD wireless networks! EAP-TLS using certificate sounds like the only feasible option, however, we are afraid that the enrolment of certificates to the BYOD-clients will be a total disaster. I heard stories that some android phones lose their client certificate after a reboot :(

• Self Assigned IP even though I am Authenticated via PEAP(MSCHAPv2) to WPA2

  Help!
  After installing Snow Leopard 10.6.1 on my 2.16 GHz Core Duo MacBook Pro running OS 10.5, I can no longer connect to the WPA2 Enterprise network at the University of Ottawa. I can still connect to other encrypted networks, such as my home WEP encrypted network. Before the installation I was able to connect to the WPA2 enterprise network.
  When attempting to connect, under network preferences I can see that my computer is Authenticated via PEAP(MSCHAPv2) and a timer showing my time connected is running. However under status, it says that I have a self assigned IP and that I cannot connect to the internet. As a result I cannot connect to the internet.
  I have included a picture that describes my problem exactly:
  Does anyone have this problem? Can anyone help me?
  Thanks!

  The thing you and many others forget is that these forums are for those with problems. Those for whom the installs works without fault do not visit here. They do not post. There are about 9,000 topics in the Installation and Using forums (the largest two) and even if every topic were an unique fault, this would mean a small fraction of the installed base.
  According to AppleInsider the Q1 sales of SL would be circa 5 million copies, and other reports indicate these numbers have been surpassed in the early months. So lets go for one months sales at only 1.5 million copies. 9,000 faults in 1.5 million copies is only a 0.6% rate and that's if every topic is a different fault (which it plainly isn't).
  So I'm afraid your argument is even less convincing - a few people report your fault, and even if only 1% of the installed base uses it, its still infinitesimal. IMO, the vast majority of problems arise from an initial Leopard installation that had enough variability of build to make enhancements problematical. I'd be the first to admit its not Apples finest hour, but its certainly not bad for the overwhelming majority.
  Perhaps you could apply to be an Apple tester, to help solve this issue ? Its better than standing on the sidelines complaining about everyone elses work for certain.
  Or log a fault request as it will get looked at I can assure you, but only if there is a tester who is actually able and willing to test that particular piece of functionality.

• Unable to move between PEAP (MSCHAPv2) to WPA2 Personal

  I just started to have a problem changing from my wireless network at work to my home network. At the office, I authenticate using PEAP (MSCHAPv2) and connect just fine. I put the computer to sleep, to go home and when my MBP tries to connect to my WPA2 Personal wireless at home, it times out. The only way to make the connection work is to reboot. It will then connect perfectly. For the record, I don't have the problem in the other direction, meaning that I can go from WPA2 Personal to PEAP seamlessly.
  Thanks for any help!
  Message was edited by: BocaBoy

  No great ideas here, but you could try removing wireless protection from home for a brief period of safe use; resetting the router; and then setting up WPA2 again.

• BlackBerry Z10 vs BlackBerry Q10: Which phone is the best choice?

  Device
  Z10
  Q10
  Display
  4.2-inch, LCD, resolution of 1280 x 768 pixels, and 356 pixels per inch
  3.1-inch, S-AMOLED, resolution of 720 x 720 pixels,
  and 330 pixels per inch
  Processor
  Dual-Core 1.5GHz – Snapdragon S4 Plus
  1.5 GHz dual-core QualcommMSM8960
  Memory
  2 GB of RAM
  2 GB of RAM
  Storage
  16 GB internal; MicroSD card slot for expandable storage up to 64 GB
  16 GB internal; MicroSD card slot for expandable storage up to 64 GB
  Camera
  8MP rear camera, 1080p HD video recording, and 2MP front-facing camera that records 720p HD
  8MP rear camera, 1080p HD video recording, and 2MP front-facing camera that records 720p HD
  Platform
  BlackBerry 10 (10.1 update still rolling out)
  BlackBerry 10.1
  As you can see from the chart above, the BlackBerry Z10 and BlackBerry Q10 are almost identical when it comes to specs. wever, I found the Q10 offered a better quality screen that also provided more impressive viewing angles. This is due to the Z10’s lesser quality LCD Disply that only pumps out a resolution of 1280 x 768 pixels, while the Q10’s S-AMOLED 720p screen flourishes above.
   In the end, I came to the conclusion that the handset that appeals to the larger majority of smartphone customers is the Z10. This device represents what people are accustomed to in the year 2013, while the Q10 appeals to a shrinking customer base that prefers a physical keypad over a virtual one.

  Q10 vs. Z10 is a highly personal choice. As you pointed out in the specs the basic internals are identical. It comes down to full touch screen vs. physical keyboard. For a traditionalist like me it's the Q10 FTW. But then I cut my teeth on BlackBerrys all the way back to the 7230 model. BlackBerry's outstanding physical keyboard is ingrained in my DNA by now. I've also used Android phones and an iPhone so I'm no stranger to the full touch screen, and I even got used to the on-screen keyboards with that form factor. But the Q10 for me has just enough of a screen that I don't miss the full size screen too much, and it's more than compensated for by the keyboard I love so much. 
  The best choice is to have them both! But if you must pick one, best to go to a store and try them both out for as long as the sales reps will tolerate you. 

• Blackberry Z10 "Call Failure"

  Hi Can anyone help?  My Blackberry Z10 has been working fine for a few months.  This week I can not make calls nor can I take calls.  When I dial out the phone displays "Call Failure" Contact your service provider.  I have been in contact with Virgin and they say nothing is wrong with the account or sim.  I have the sim in another blackberry phone and everything works just fine.  I have done the security wipe, still the same fault.  Does anyone have any ideas what I can do.  I purchased the phone online "New" from a private seller.

  I would get the sim replaced. I have seen similar issues with sim cards. I had a problem with my data plan on my sim. Wouldn't work on my Z10 but worked in a 9810. One think it was a problem with the device. Turned out that a replacement sim solved the problem.
  Get a new sim.
  1. Please thank those who help you by clicking the "Like" button at the bottom of the post that helped you.
  2. If your issue has been solved, please resolve it by marking the post "Solution?" which solved it for you!

• Wireless Guest Access with 802.1X (PEAP/MSCHAPv2) and ISE?

  Hi,
  I have a setup based on WLC 5508, Catalyst 3750-X and AP3600i.
  The WLCs are running 7.3 and ISE is 1.1.1
  I'm trying to setup wireless guest access, where the guests connect to a SSID with 802.1X using PEAP/MSCHAPv2.
  They should receive their username/password either from a sponsor directly (corporate AD user which prints the credentials) or through a SMS.
  The credentials will be created by the sponsor, using the sponsor portal on the ISE.
  Now to the questions:
  Is it correct that the foreign WLC (i.e. the WLC within the internal corporate network), should be set to no L2 and L3 security on the guest WLAN, to avoid having the foreign WLC contact the ISE and all traffic be forwarded directly to the anchor WLC?
  Is it correct that the anchor WLC (i.e. the WLC in the DMZ), should be configured with 802.1X/WPA2 L2 security and the ISE servers as the RADIUS servers on the guest WLAN, to ensure that the client is correctly authenticated/authorized by the ISE?
  When a guest logs on, how can I ensure that only one device (MAC address) is allowed per user?
  As it is now, a guest is able to log on with (I assume) an unlimited number of devices, using the credentials they have received.
  Thankyou very much :-)
  Best Regards,
  Niels J. Larsen

  Hi,
  I have a setup based on WLC 5508, Catalyst 3750-X and AP3600i.
  The WLCs are running 7.3 and ISE is 1.1.1
  I'm trying to setup wireless guest access, where the guests connect to a SSID with 802.1X using PEAP/MSCHAPv2.
  They should receive their username/password either from a sponsor directly (corporate AD user which prints the credentials) or through a SMS.
  The credentials will be created by the sponsor, using the sponsor portal on the ISE.
  Now to the questions:
  Is it correct that the foreign WLC (i.e. the WLC within the internal corporate network), should be set to no L2 and L3 security on the guest WLAN, to avoid having the foreign WLC contact the ISE and all traffic be forwarded directly to the anchor WLC?
  Is it correct that the anchor WLC (i.e. the WLC in the DMZ), should be configured with 802.1X/WPA2 L2 security and the ISE servers as the RADIUS servers on the guest WLAN, to ensure that the client is correctly authenticated/authorized by the ISE?
  When a guest logs on, how can I ensure that only one device (MAC address) is allowed per user?
  As it is now, a guest is able to log on with (I assume) an unlimited number of devices, using the credentials they have received.
  Thankyou very much :-)
  Best Regards,
  Niels J. Larsen

• 802.1x EAP PEAP MSCHAPv2 on Windows 7 Client.

  I have problems autenticate a w7 client at our Enterprice WiFi network. XP, Apple clients and all SmartPhones works fine...  We use Radius assigned Vlans based on username and ream routed on our Meru Network to Navis radius as centralied point of
  autentication. Navis proxes client autenticatinon recuest to the customers Radiuses based on the realm.
  Windows 7 32 client use the radius CA (installed and ticked) and EAP PEAP MSCHAPv2 in the SSID settings. The customer radius is an Freeradius. In autentication logs we se that the client sends the Maschinename, eg. Machine-x200/username@realm
  even we in the client settings, under SSID Propirties, Security, MS Protected EAP(PEAP), Settings and EAP-MSCAPv2 Configuration, have removed tick on the default setting:
  Use Autom. Windows-username... AND under Security Advanced (back one step), in the 802.1X Settings, choose User autentication only! (not user and maschine, mascine only or guest) and we have saved corectly username@reame =(username here) and password...
  in the username password Setting.
  Is it possible edit or change the way the client PC is sett up to prevent this?
  Is there any way make a policy setting? or is there other solutions?
  I have teste te Cisco: PEAP option too, but stil noe autenticatoin from Radius
  Thanks

  Hi,
  As I know, this goal cannot be achieved.
  Reference:
  Use the 802.1X Wizard to Configure NPS Network Policies
  For authentication using Extensible Authentication Protocol – Transport Layer Security (EAP-TLS), select
  Microsoft: Smart Card or other certificate, click
  Configure, click
  OK, and then click
  Next.
  For authentication using Protected Extensible Authentication Protocol – Transport Layer Security (PEAP-TLS), select
  Microsoft: Protected EAP (PEAP). In
  Eap Types, click
  Add, click
  Smart Card or other certificate, click the
  Move Up button to position a smart card or other certificate at the top of the list, click
  OK, and then click
  Next.
  For secure password authentication using Protected Extensible Authentication Protocol – Microsoft Challenge Handshake Authentication Protocol
  version 2 (PEAP-MS-CHAP v2), select Microsoft: Protected EAP (PEAP). In
  Eap Types, click
  Add, click
  Secured password (EPA-MSCHAP v2), click the
  Move Up button to position the secured password authentication type at the top of the list, click
  OK, and then click
  Next.
  Regards,
  Sabrina
  TechNet Subscriber Support
  in forum.
  If you have any feedback on our support, please contact
  [email protected]
  This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
  This can be beneficial to other community members reading the thread.

• Connecting Z10 to WPA2-Enterprise Wifi

  Haloo...
  Please help by giving any clue to connecting Blackberry Z10 to Office Wifi which is using WPA2-Enterprise security type.
  Thank you in advanced
  Regards,
  Tri Harnoko

  Hey harnoko,
  Welcome to the BlackBerry Support Community Forums.
  Thanks for the question.
  When adding a Wi-Fi network, change the security type to WPA2-Enterprise and fill out the required security information.
  Do you receive any specific errors when adding the Wi-Fi network?
  Let me know if you have any more questions.
  Cheers.
  -ViciousFerret
  Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
  Be sure to click Like! for those who have helped you.
  Click  Accept as Solution for posts that have solved your issue(s)!

• PEAP-MSCHAPV2 problems

  Hi,
  I have a problem with PEAP-MSCHAPV2 authentication in combination with Wireless Service Module en Cisco ACS 4.1(and later i tested with IAS).
  When i use the Windows Supplicant i can get no connection with my wireless network, when i used the Intel Pro Client its works very good. The Windows supplicant asked very 5 seconds my usercredentinals and in the log files of the RADIUS is nothing to see.
  Can somebody help me with this problem ?

  Hi,
  Apply this MS hotfix.
  Regards,
  ~JG

• BlackBerry z10 vs z3

  I own a blackberry z10 for almost 2 years now, ive been looking for new phones and i like the z3 very much as am a blackberry fan. But ive been wondering why make a new phone with much less specs, this question have been bothering me, new phones are supposed to be better not less in almost everything except the battery life??? I hope there is a reasonable explanation, thnx

  It was meant to be a low-priced phone for foreign markets.
  I still think the Z30 is the best BlackBerry ever made and I've used the Z10, Q10, and Z30.
  1. Please thank those who help you by clicking the "Like" button at the bottom of the post that helped you.
  2. If your issue has been solved, please resolve it by marking the post "Solution?" which solved it for you!

• Blackberry z10 Wifi Connection problem

  Just acquired Blackberry Z10, and transferred contacts, accounts from Curve 9300.
  Can anybody please help with failure to reconnect to saved  wifi networks?
  I have a blackberry z10 and have found that when Idiscoonect from home or work wifi (by leaving work /home) when I return to the wifi area  the phone does not reconnect unless I switch off/on wifi on phone.
  Phone is Z10 model STL100-2
  Software is 10.1.0.4181

  There seems to be  at least a workaround for this problem.
  Last week I sselected the "Hidden SSID" setting for my wifi accounts on my BB Z10
  It has connected automatically to work & home networks since then.
  Suggest you try this.
  Many thanks to all who have offered assistance.