External Authentication failed with new key

I have a card using SCP 01 05. There is 1 keyset(3 keys) with version 01. I have added a new keyset(3 keys as well) with version 02.
I run external authentication with keyset version 01 and it passed. I run external authentication with keyset version 02 immediately but it returned 6982. This mean "Security status not satisfied". Why can't I do authentication with other key?

Read the INITIAL UPDATE command !!!! What is the P1/P2 ? If you inform it to use the keyset 1, then you can't possibly think that calculating with the keyset 2 will work ?
The response data contains a bunch of information, including the keyset used to create the card cryptogram. That is the required key for calculating the off-card cryptogram. You would have seen this if you were calculating the card cryptogram properly because you would have been using the wrong key and the cryptograms wouldn't have matched.
So, Why can't I do authentication with other key? Because you have to INITIALIZE UPDATE with that other key.

Similar Messages

  • Renew Subordinate CA with new key

    We have one Enterprise Root CA and one Subordinate CA server in our environment. Subordinate CA issues certificates to many DCs and Webservers.
    Now the certificate of Subordinate CA is getting expired and we have to renew. I would like to know what will happen if I renew Subordionate certificate with new key pair? all the existing certificates issued by Subordinate CA become invalid? or still
    continue to funtion till expiry date?
    Mahi

    Thanks Mark for the information.
    My Sub CA Certificate is going to expire on 30th May. SubCA has issued ceritificates to application's like TestApp1, TestApp2, TestApp3. The existing certificate issued by Sub CA installed on these applications are expiring on 30th May.
    I am plannig to renew SUb CA certificate with different Key this weekend i.e on 26th april and also increasing the certificate keylength to 2048 bits.
    When renew SubCA certificate with different key, the existing certificates installed on TestApp1, TestApp2, TestApp3 still continue function till its expiry i.e 30th May? Hope renewing SubCA certificate with different key will not disturb the existing
    certificates installed on TestApp1, TestApp2, TestApp3. Becase I am planning to renew certificates installed on TestApp1, TestApp2, TestApp3 in first week of May as I can not have downtime on 26th april.
    Apologizes I am asking this question repeatedly.
    Mahi

  • External Authentication failed via PHP script

    I'm not a PHP wiz - in fact I am not a backend coder so I am
    somewhat struggeling with the sample scripts - I still hope for a
    CF sample...
    I'm trying to run and log in to AFCS via the commandline
    (Terminal). I'm not sure what I'm doing wrong - here what I am
    passing:
    php -f /Applications/MAMP/htdocs/afcs.php args --debug
    --host=http://connectnow.acrobat.com,fcguru,my_login,my_pass
    The username and password I pass are correct. However I get
    this response:
    Error: exception 'AFCSError' with message '<response
    status="error">
    <error code="AUTH_FAILED">
    <msg>Authorization Failed</msg>
    </error>
    </response>
    ' in /Applications/MAMP/htdocs/afcs.php:86
    Really struggeling with this. Even once I get this working
    from the commandline I do not know how to call this from a script
    instead. I use CF on the backend, not PHP.
    Regards,
    Stefan

    I would say that your command is syntactically correct, but
    semantically incorrect :)
    Two problems:
    - there is no "args" parameter in afcs.php
    - when you use php -f file.php you have to append a -- after
    the php file to tell the interpreter to stop parsing parameters
    because they belong to the script
    So, try this:
    php -f /Applications/MAMP/htdocs/afcs.php -- --debug
    --host=http://connectnow.acrobat.com fcguru my_login my_pass
    or this:
    php /Applications/MAMP/htdocs/afcs.php --debug
    --host=http://connectnow.acrobat.com fcguru my_login my_pass
    Also, there is an example of a php web application that uses
    external authentication in the examples folder
    (ExternalAuthentication/php). Just drop the php folder somewhere in
    your webserver and try it out.

  • RPC Server is unavailable when trying to renew or request a new certificate with new key

    Hi
    I have a couple of wireless access points (AP's) that are unable to use our RADIUS server to authenticate.
    This started happening after a power outage, and I did a gracefull shutdown of the RADIUS server.  When the server was booted up the AP's appear to have lost the ability to authenticate users of both PC's and mobile devices.
    I looked through the Network Policy server  MMC and didn't find anything there.
    Next I looked at the certificates and found 2 in the Personal>Certificates folder, that I think are related to this configuration.  The odd thing is they expired the exact same day as the power outage.  
    So I tried to Renew and then Recreate the certificate's key. That's when I received the RPC server unavailable.  I also tried creating a new key from scratch, same problem.
    I did a lot of searching on the web so I have seen this thread and I have checked all the things recommended, none of the suggestions helped:  
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/2b93bfa8-c162-4fc8-9cf3-a8f8f8c8ff29/rpc-server-is-unavailable-requesting-a-new-certificate?forum=winservergen
    I must admit I am at a loss as to where to look next. 
    Help is very much appreciated.

    Are you also the admin of the certificate authority? 
    =====I am the admin, but my knowledge of this topic is low.
    If the CA is operational, the next steps are:
    - Any firewalls between your client and this CA? Did somebody change the desktop firewalls settings at the CA?
    ===== There are no firewalls between the client and CA nor have the desktop firewall rules changed.
    - Can sombody (the PKI admin?) confirm that the CA works fine and other clients can enroll? What's the difference between those clients and yours?
    ===== I will see about trying this out and report back. 
    - Is the CA probably in a different domain and does Kerberos authentication work fine between domains? I had sometimes seen things like: CA is in a root domain but clients cannot talk to Root DCs as per firewall settings - thus clients cannot get Kerberos tickets
    from the domain hosting the CA. (Certificate enrollment is sometimes the first application that really requires Kerberos and cannot fall back to NTLM). A network trace would help here.
    =====
    The CA is in the same domain. 
    - Did somebody tweak with DCOM permissions or lock down flags at the CA (unlikely)
    ===== The DCOM settings haven't been touched by anyone. 
    Thanks

  • Former itunes installation from external hdd syncing with new installation.

    Hello, i need some help!
    My laptop has a severe mainbord damage, it's not economical to repair it.
    so, i'm going to mount the 2,5" hdd in an external hdd case with usb.
    in addition, i get a new iphone due to fluid damage.
    so my itunes with the iphone backup is on the external hdd, to run the external hdd as a boot hdd is not possible.
    how can i solve the problem to have my backup on my new iphone?
    would be great to have any ideas!
    thanks in advance

    The iTunes library is not stored with the application - it is stored separately and accessed by the iTunes application so I'm not sure how installing an iTunes update or removing and re-installing iTunes would delete your entire iTunes library where all this data is stored. And you don't maintain a backup of your important data including music and video purchased from the iTunes Music Store? This is important regardless the platform but more so when using Windows with all the virus, adware and spyware concerns.
    iTunes includes a preference setting to not automatically sync an iPhone automatically when any iPhone is connected. Be sure to select this first which doesn't require your iPhone being connected.
    When your iPhone is connected, do not manually sync. At the iTunes menu bar go to File and select Transfer Purchases From - (the name of your iPhone).
    This will transfer iTunes purchased content only from your iPhone to iTunes. Any music transferred to the iPhone from music CDs will not be transferred and the same for any movies transferred to the iPhone that were not purchased via iTunes.

  • DDNS Authentication Fails with E2000

    Just purchased an E2000 (Firmware version 1.0.03) to use with DDNS. Much to my surprise there seems to be a problem with saving the password at the confiuration screen.
    Settings;
    - Service Type = DynDNS.org
    - Username = <my user name.
    - Password = <my password>
    - Hostname = <my host name>
    - System = Dynamic
    With the above settings entered and the Update button pressed favourable results are obtained; the router reports that DynDNS.org updates okay. However once the "Save Settings" button is pressed an update fails with the error "Authorization failur bad ID or password"
    Is anyone else experiencing this issue? Is the password field limited to certian characters?

    same thing happens for me with my E2000 running 1.0.03.  if i enter my username and password for dyndns into the web interface and click Update, i get the "DDNS is updated successfully" message.  but then i'll immediately press Update again and i'll get "Authorization fails (username or passwords)".
    changing my password on dyndns and then updating my router configs didn't do the trick (which isn't much of a surprise).

  • FT akm with 802.1x authentication failed at eapol key 2(invalid MIC)

    My testing controller s/w version is 7.0.250.0, and testing clients were iphone5, iphone6 and macbook pro13, all debug inform showed failed because of invalid MIC, is this a bug or other reason ?
    WLAN configuration:
    (Cisco Controller) >show wlan 100
    WLAN Identifier.................................. 100
    Profile Name..................................... test-qh
    Network Name (SSID).............................. test-qh
    Status........................................... Enabled
    MAC Filtering.................................... Disabled
    Broadcast SSID................................... Enabled
    AAA Policy Override.............................. Disabled
    Network Admission Control
      Radius-NAC State............................... Disabled
      SNMP-NAC State................................. Disabled
      Quarantine VLAN................................ 0
    Maximum number of Associated Clients............. 10
    Number of Active Clients......................... 0
    Exclusionlist Timeout............................ 60 seconds
    Session Timeout.................................. 1800 seconds
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ management
    Multicast Interface.............................. Not Configured
    --More-- or (q)uit
    WLAN ACL......................................... unconfigured
    DHCP Server...................................... Default
    DHCP Address Assignment Required................. Disabled
    Static IP client tunneling....................... Disabled
    Quality of Service............................... Silver (best effort)
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    WMM UAPSD Compliant Client Support............... Disabled
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Enabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    IPv6 Support..................................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
       Authentication................................ Disabled
       Accounting.................................... Global Servers
    --More-- or (q)uit
       Dynamic Interface............................. Disabled
    Local EAP Authentication......................... Enabled (Profile 'test')
    Security
       802.11 Authentication:........................ Open System
       Static WEP Keys............................... Disabled
       802.1X........................................ Disabled
       Wi-Fi Protected Access (WPA/WPA2)............. Enabled
          WPA (SSN IE)............................... Disabled
          WPA2 (RSN IE).............................. Enabled
             TKIP Cipher............................. Disabled
             AES Cipher.............................. Enabled
                                                                   Auth Key Management
             802.1x.................................. Disabled
             PSK..................................... Disabled
             CCKM.................................... Disabled
             FT(802.11r)............................. Enabled
             FT-PSK(802.11r)......................... Disabled
    FT Reassociation Timeout......................... 20
    FT Over-The-Air mode............................. Enabled
    FT Over-The-Ds mode.............................. Disabled
    CCKM tsf Tolerance............................... 1000
       CKIP ......................................... Disabled
    --More-- or (q)uit
       IP Security................................... Disabled
       IP Security Passthru.......................... Disabled
       Web Based Authentication...................... Disabled
       Web-Passthrough............................... Disabled
       Conditional Web Redirect...................... Disabled
       Splash-Page Web Redirect...................... Disabled
       Auto Anchor................................... Disabled
       H-REAP Local Switching........................ Disabled
       H-REAP Local Authentication................... Disabled
       H-REAP Learn IP Address....................... Enabled
       Client MFP.................................... Optional
       Tkip MIC Countermeasure Hold-down Timer....... 60
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    SIP CAC Fail Send-486-Busy Policy................ Enabled
    SIP CAC Fail Send Dis-Association Policy......... Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled
     Mobility Anchor List
     WLAN ID     IP Address            Status
    debug info:
    Cisco Controller) >*apfMsConnTask_0: Apr 27 21:46:09.971: Processing assoc-req station:68:96:7b:cd:89:1b AP:00:27:0d:2e:d0:50-01 thread:333140024
    *apfMsConnTask_0: Apr 27 21:46:09.971: 68:96:7b:cd:89:1b Marking this mobile as TGr capable.
    *apfMsConnTask_0: Apr 27 21:46:09.971: 68:96:7b:cd:89:1b Processing RSN IE type 48, length 20 for mobile 68:96:7b:cd:89:1b
    *apfMsConnTask_0: Apr 27 21:46:09.971: 68:96:7b:cd:89:1b apfMsAssoStateInc
    *apfMsConnTask_0: Apr 27 21:46:09.971: Sending assoc-resp station:68:96:7b:cd:89:1b AP:00:27:0d:2e:d0:50-01 thread:333140024
    *apfMsConnTask_0: Apr 27 21:46:09.971: Adding MDIE, ID is:0x4e57
    *apfMsConnTask_0: Apr 27 21:46:09.971: 68:96:7b:cd:89:1b Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
    *apfMsConnTask_0: Apr 27 21:46:09.971: 68:96:7b:cd:89:1b Sending R0KH-ID as:192.168.20.244
    *apfMsConnTask_0: Apr 27 21:46:09.971: 68:96:7b:cd:89:1b Sending R1KH-ID as 00:24:14:7e:74:c0
    *apfMsConnTask_0: Apr 27 21:46:09.971: 68:96:7b:cd:89:1b Including FT IE (length 98) in Initial Assoc Resp to mobile
    *spamReceiveTask: Apr 27 21:46:09.973: 68:96:7b:cd:89:1b Sent 1x initiate message to multi thread task for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:09.974: 68:96:7b:cd:89:1b Station 68:96:7b:cd:89:1b setting dot1x reauth timeout = 1800
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:09.974: 68:96:7b:cd:89:1b Sending EAP-Request/Identity to mobile 68:96:7b:cd:89:1b (EAP Id 1)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.037: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.037: 68:96:7b:cd:89:1b Received Identity Response (count=1) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.117: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.117: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 2)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.133: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.133: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 2, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.135: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.135: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 3)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.139: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.139: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 3, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.140: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.140: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 4)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.200: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.201: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 4, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.309: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.309: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 5)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.312: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.313: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 5, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.314: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.314: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 6)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.321: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.321: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 6, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.322: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.322: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 7)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.325: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.325: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 7, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.326: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.326: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 8)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.329: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.329: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 8, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.331: 68:96:7b:cd:89:1b Processing Access-Accept for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.331: 68:96:7b:cd:89:1b Setting re-auth timeout to 1800 seconds, got from WLAN config.
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.332: 68:96:7b:cd:89:1b Station 68:96:7b:cd:89:1b setting dot1x reauth timeout = 1800
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.332: 68:96:7b:cd:89:1b Creating a PKC PMKID Cache entry for station 68:96:7b:cd:89:1b (RSN 2)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.332: 68:96:7b:cd:89:1b Adding BSSID 00:27:0d:2e:d0:5e to PMKID cache for station 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.332: New PMKID: (16)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.332:      [0000] 80 a9 e3 16 d9 c8 28 9a 37 11 bd 56 ca 01 d5 ce
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.332: 68:96:7b:cd:89:1b Disabling re-auth since PMK lifetime can take care of same.
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.332: 68:96:7b:cd:89:1b Created PMK Cache Entry for TGr AKM:802.1x 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.332: 68:96:7b:cd:89:1b   R0KH-ID:192.168.20.244   R1KH-ID:00:24:14:7e:74:c0  MSK Len:48
                                                                                                                                  pmkValidTime:1772
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.333: 68:96:7b:cd:89:1b PMK sent to mobility group
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.333: 68:96:7b:cd:89:1b Sending EAP-Success to mobile 68:96:7b:cd:89:1b (EAP Id 8)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.333: Including PMKID in M1  (16)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.333:      [0000] 80 a9 e3 16 d9 c8 28 9a 37 11 bd 56 ca 01 d5 ce
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.333: 68:96:7b:cd:89:1b Starting key exchange to mobile 68:96:7b:cd:89:1b, data packets will be dropped
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.333: 68:96:7b:cd:89:1b Sending EAPOL-Key Message to mobile 68:96:7b:cd:89:1b
                                                                                                                        state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.333: 68:96:7b:cd:89:1b Received Auth Success while in Authenticating state for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.336: 68:96:7b:cd:89:1b Received EAPOL-Key from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.336: 68:96:7b:cd:89:1b Received EAPOL-key in PTK_START state (message 2) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.337: 68:96:7b:cd:89:1b Received EAPOL-key M2 with invalid MIC from mobile 68:96:7b:cd:89:1b
    *osapiBsnTimer: Apr 27 21:46:10.560: 68:96:7b:cd:89:1b 802.1x 'timeoutEvt' Timer expired for station 68:96:7b:cd:89:1b and for message = M2
    *dot1xMsgTask: Apr 27 21:46:10.562: 68:96:7b:cd:89:1b Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.565: 68:96:7b:cd:89:1b Received EAPOL-Key from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.565: 68:96:7b:cd:89:1b Received EAPOL-key in PTK_START state (message 2) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:10.566: 68:96:7b:cd:89:1b Received EAPOL-key M2 with invalid MIC from mobile 68:96:7b:cd:89:1b
    *osapiBsnTimer: Apr 27 21:46:10.960: 68:96:7b:cd:89:1b 802.1x 'timeoutEvt' Timer expired for station 68:96:7b:cd:89:1b and for message = M2
    *dot1xMsgTask: Apr 27 21:46:10.960: 68:96:7b:cd:89:1b Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:11.048: 68:96:7b:cd:89:1b Received EAPOL-Key from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:11.048: 68:96:7b:cd:89:1b Received EAPOL-key in PTK_START state (message 2) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:11.048: 68:96:7b:cd:89:1b Received EAPOL-key M2 with invalid MIC from mobile 68:96:7b:cd:89:1b
    *osapiBsnTimer: Apr 27 21:46:11.360: 68:96:7b:cd:89:1b 802.1x 'timeoutEvt' Timer expired for station 68:96:7b:cd:89:1b and for message = M2
    *dot1xMsgTask: Apr 27 21:46:11.360: 68:96:7b:cd:89:1b Retransmit 3 of EAPOL-Key M1 (length 121) for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:11.364: 68:96:7b:cd:89:1b Received EAPOL-Key from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:11.364: 68:96:7b:cd:89:1b Received EAPOL-key in PTK_START state (message 2) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:11.364: 68:96:7b:cd:89:1b Received EAPOL-key M2 with invalid MIC from mobile 68:96:7b:cd:89:1b
    *osapiBsnTimer: Apr 27 21:46:11.760: 68:96:7b:cd:89:1b 802.1x 'timeoutEvt' Timer expired for station 68:96:7b:cd:89:1b and for message = M2
    *dot1xMsgTask: Apr 27 21:46:11.760: 68:96:7b:cd:89:1b Retransmit 4 of EAPOL-Key M1 (length 121) for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:11.763: 68:96:7b:cd:89:1b Received EAPOL-Key from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:11.764: 68:96:7b:cd:89:1b Received EAPOL-key in PTK_START state (message 2) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:11.764: 68:96:7b:cd:89:1b Received EAPOL-key M2 with invalid MIC from mobile 68:96:7b:cd:89:1b
    *osapiBsnTimer: Apr 27 21:46:12.160: 68:96:7b:cd:89:1b 802.1x 'timeoutEvt' Timer expired for station 68:96:7b:cd:89:1b and for message = M2
    *dot1xMsgTask: Apr 27 21:46:12.161: 68:96:7b:cd:89:1b Retransmit failure for EAPOL-Key M1 to mobile 68:96:7b:cd:89:1b, retransmit count 5, mscb deauth count 0
    *dot1xMsgTask: Apr 27 21:46:12.162: 68:96:7b:cd:89:1b Removing PMK cache entry for station 68:96:7b:cd:89:1b
    *apfMsConnTask_0: Apr 27 21:46:12.185: Processing assoc-req station:68:96:7b:cd:89:1b AP:00:27:0d:2e:d0:50-01 thread:333140024
    *apfMsConnTask_0: Apr 27 21:46:12.185: 68:96:7b:cd:89:1b Marking this mobile as TGr capable.
    *apfMsConnTask_0: Apr 27 21:46:12.185: 68:96:7b:cd:89:1b Processing RSN IE type 48, length 20 for mobile 68:96:7b:cd:89:1b
    *apfMsConnTask_0: Apr 27 21:46:12.185: Sending assoc-resp station:68:96:7b:cd:89:1b AP:00:27:0d:2e:d0:50-01 thread:333140024
    *apfMsConnTask_0: Apr 27 21:46:12.185: Adding MDIE, ID is:0x4e57
    *apfMsConnTask_0: Apr 27 21:46:12.185: 68:96:7b:cd:89:1b Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
    *apfMsConnTask_0: Apr 27 21:46:12.185: 68:96:7b:cd:89:1b Sending R0KH-ID as:192.168.20.244
    *apfMsConnTask_0: Apr 27 21:46:12.185: 68:96:7b:cd:89:1b Sending R1KH-ID as 00:24:14:7e:74:c0
    *apfMsConnTask_0: Apr 27 21:46:12.185: 68:96:7b:cd:89:1b Including FT IE (length 98) in Initial Assoc Resp to mobile
    *spamReceiveTask: Apr 27 21:46:12.187: 68:96:7b:cd:89:1b Sent 1x initiate message to multi thread task for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.188: 68:96:7b:cd:89:1b Station 68:96:7b:cd:89:1b setting dot1x reauth timeout = 1800
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.188: 68:96:7b:cd:89:1b Sending EAP-Request/Identity to mobile 68:96:7b:cd:89:1b (EAP Id 1)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.191: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.191: 68:96:7b:cd:89:1b Received Identity Response (count=1) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.271: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.271: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 2)
    *apfMsConnTask_0: Apr 27 21:46:12.563: Processing assoc-req station:68:96:7b:cd:89:1b AP:00:27:0d:2e:d0:50-01 thread:333140024
    *apfMsConnTask_0: Apr 27 21:46:12.563: 68:96:7b:cd:89:1b Marking this mobile as TGr capable.
    *apfMsConnTask_0: Apr 27 21:46:12.563: 68:96:7b:cd:89:1b Processing RSN IE type 48, length 20 for mobile 68:96:7b:cd:89:1b
    *apfMsConnTask_0: Apr 27 21:46:12.563: Sending assoc-resp station:68:96:7b:cd:89:1b AP:00:27:0d:2e:d0:50-01 thread:333140024
    *apfMsConnTask_0: Apr 27 21:46:12.563: Adding MDIE, ID is:0x4e57
    *apfMsConnTask_0: Apr 27 21:46:12.563: 68:96:7b:cd:89:1b Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
    *apfMsConnTask_0: Apr 27 21:46:12.563: 68:96:7b:cd:89:1b Sending R0KH-ID as:192.168.20.244
    *apfMsConnTask_0: Apr 27 21:46:12.563: 68:96:7b:cd:89:1b Sending R1KH-ID as 00:24:14:7e:74:c0
    *apfMsConnTask_0: Apr 27 21:46:12.563: 68:96:7b:cd:89:1b Including FT IE (length 98) in Initial Assoc Resp to mobile
    *spamReceiveTask: Apr 27 21:46:12.565: 68:96:7b:cd:89:1b Sent 1x initiate message to multi thread task for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.566: 68:96:7b:cd:89:1b Sending EAP-Request/Identity to mobile 68:96:7b:cd:89:1b (EAP Id 1)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.571: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.571: 68:96:7b:cd:89:1b Received Identity Response (count=1) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.572: 68:96:7b:cd:89:1b Processing Access-Reject for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.573: 68:96:7b:cd:89:1b Removing PMK cache due to EAP-Failure for mobile 68:96:7b:cd:89:1b (EAP Id -1)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:12.573: 68:96:7b:cd:89:1b Sending EAP-Failure to mobile 68:96:7b:cd:89:1b (EAP Id -1)
    (Cisco Controller) >*Dot1x_NW_MsgTask_0: Apr 27 21:46:12.573: 68:96:7b:cd:89:1b Setting quiet timer for 5 seconds for mobile 68:96:7b:cd:89:1b
    *osapiBsnTimer: Apr 27 21:46:17.560: 68:96:7b:cd:89:1b 802.1x 'quiteWhile' Timer expired for station 68:96:7b:cd:89:1b and for message = M0
    *dot1xMsgTask: Apr 27 21:46:17.561: 68:96:7b:cd:89:1b quiet timer completed for mobile 68:96:7b:cd:89:1b
    *dot1xMsgTask: Apr 27 21:46:17.561: 68:96:7b:cd:89:1b Sending EAP-Request/Identity to mobile 68:96:7b:cd:89:1b (EAP Id 1)
    (Cisco Controller) >*apfMsConnTask_0: Apr 27 21:46:19.793: Processing assoc-req station:68:96:7b:cd:89:1b AP:00:27:0d:2e:d0:50-01 thread:333140024
    *apfMsConnTask_0: Apr 27 21:46:19.793: 68:96:7b:cd:89:1b Marking this mobile as TGr capable.
    *apfMsConnTask_0: Apr 27 21:46:19.793: 68:96:7b:cd:89:1b Processing RSN IE type 48, length 20 for mobile 68:96:7b:cd:89:1b
    *apfMsConnTask_0: Apr 27 21:46:19.793: Sending assoc-resp station:68:96:7b:cd:89:1b AP:00:27:0d:2e:d0:50-01 thread:333140024
    *apfMsConnTask_0: Apr 27 21:46:19.793: Adding MDIE, ID is:0x4e57
    *apfMsConnTask_0: Apr 27 21:46:19.793: 68:96:7b:cd:89:1b Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
    *apfMsConnTask_0: Apr 27 21:46:19.793: 68:96:7b:cd:89:1b Sending R0KH-ID as:192.168.20.244
    *apfMsConnTask_0: Apr 27 21:46:19.793: 68:96:7b:cd:89:1b Sending R1KH-ID as 00:24:14:7e:74:c0
    *apfMsConnTask_0: Apr 27 21:46:19.793: 68:96:7b:cd:89:1b Including FT IE (length 98) in Initial Assoc Resp to mobile
    *spamReceiveTask: Apr 27 21:46:19.796: 68:96:7b:cd:89:1b Sent 1x initiate message to multi thread task for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.798: 68:96:7b:cd:89:1b Sending EAP-Request/Identity to mobile 68:96:7b:cd:89:1b (EAP Id 1)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.825: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.826: 68:96:7b:cd:89:1b Received Identity Response (count=1) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.905: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.905: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 2)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.918: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.918: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 2, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.920: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.920: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 3)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.923: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.924: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 3, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.924: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    d*Dot1x_NW_MsgTask_0: Apr 27 21:46:19.925: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 4)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.964: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:19.964: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 4, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.073: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    e*Dot1x_NW_MsgTask_0: Apr 27 21:46:20.073: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 5)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.076: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.076: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 5, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.077: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.077: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 6)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.083: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.083: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 6, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.084: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.084: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 7)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.087: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.087: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 7, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.088: 68:96:7b:cd:89:1b Processing Access-Challenge for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.088: 68:96:7b:cd:89:1b Sending EAP Request from AAA to mobile 68:96:7b:cd:89:1b (EAP Id 8)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.090: 68:96:7b:cd:89:1b Received EAPOL EAPPKT from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.090: 68:96:7b:cd:89:1b Received EAP Response from mobile 68:96:7b:cd:89:1b (EAP Id 8, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.091: 68:96:7b:cd:89:1b Processing Access-Accept for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.091: 68:96:7b:cd:89:1b Setting re-auth timeout to 1800 seconds, got from WLAN config.
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.091: 68:96:7b:cd:89:1b Station 68:96:7b:cd:89:1b setting dot1x reauth timeout = 1800
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.091: 68:96:7b:cd:89:1b Creating a PKC PMKID Cache entry for station 68:96:7b:cd:89:1b (RSN 2)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.091: 68:96:7b:cd:89:1b Adding BSSID 00:27:0d:2e:d0:5e to PMKID cache for station 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.092: New PMKID: (16)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.092:      [0000] 16 3d 85 48 73 81 21 c9 dc 14 19 2e 40 65 7c 74
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.092: 68:96:7b:cd:89:1b Disabling re-auth since PMK lifetime can take care of same.
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.092: 68:96:7b:cd:89:1b Created PMK Cache Entry for TGr AKM:802.1x 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.092: 68:96:7b:cd:89:1b   R0KH-ID:192.168.20.244   R1KH-ID:00:24:14:7e:74:c0  MSK Len:48
                                                                                                                                  pmkValidTime:1813
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.092: 68:96:7b:cd:89:1b PMK sent to mobility group
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.092: 68:96:7b:cd:89:1b Sending EAP-Success to mobile 68:96:7b:cd:89:1b (EAP Id 8)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.093: Including PMKID in M1  (16)
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.093:      [0000] 16 3d 85 48 73 81 21 c9 dc 14 19 2e 40 65 7c 74
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.093: 68:96:7b:cd:89:1b Starting key exchange to mobile 68:96:7b:cd:89:1b, data packets will be dropped
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.093: 68:96:7b:cd:89:1b Sending EAPOL-Key Message to mobile 68:96:7b:cd:89:1b
                                                                                                                        state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.093: 68:96:7b:cd:89:1b Received Auth Success while in Authenticating state for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.096: 68:96:7b:cd:89:1b Received EAPOL-Key from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.096: 68:96:7b:cd:89:1b Received EAPOL-key in PTK_START state (message 2) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.096: 68:96:7b:cd:89:1b Received EAPOL-key M2 with invalid MIC from mobile 68:96:7b:cd:89:1b
    *osapiBsnTimer: Apr 27 21:46:20.360: 68:96:7b:cd:89:1b 802.1x 'timeoutEvt' Timer expired for station 68:96:7b:cd:89:1b and for message = M2
    *dot1xMsgTask: Apr 27 21:46:20.361: 68:96:7b:cd:89:1b Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.364: 68:96:7b:cd:89:1b Received EAPOL-Key from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.364: 68:96:7b:cd:89:1b Received EAPOL-key in PTK_START state (message 2) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.364: 68:96:7b:cd:89:1b Received EAPOL-key M2 with invalid MIC from mobile 68:96:7b:cd:89:1b
    bug *osapiBsnTimer: Apr 27 21:46:20.760: 68:96:7b:cd:89:1b 802.1x 'timeoutEvt' Timer expired for station 68:96:7b:cd:89:1b and for message = M2
    *dot1xMsgTask: Apr 27 21:46:20.760: 68:96:7b:cd:89:1b Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.763: 68:96:7b:cd:89:1b Received EAPOL-Key from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.764: 68:96:7b:cd:89:1b Received EAPOL-key in PTK_START state (message 2) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:20.764: 68:96:7b:cd:89:1b Received EAPOL-key M2 with invalid MIC from mobile 68:96:7b:cd:89:1b
    *osapiBsnTimer: Apr 27 21:46:21.160: 68:96:7b:cd:89:1b 802.1x 'timeoutEvt' Timer expired for station 68:96:7b:cd:89:1b and for message = M2
    *dot1xMsgTask: Apr 27 21:46:21.160: 68:96:7b:cd:89:1b Retransmit 3 of EAPOL-Key M1 (length 121) for mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:21.164: 68:96:7b:cd:89:1b Received EAPOL-Key from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:21.164: 68:96:7b:cd:89:1b Received EAPOL-key in PTK_START state (message 2) from mobile 68:96:7b:cd:89:1b
    *Dot1x_NW_MsgTask_0: Apr 27 21:46:21.164: 68:96:7b:cd:89:1b Received EAPOL-key M2 with invalid MIC from mobile 68:96:7b:cd:89:1b
    =============================
    qh
    thanks in advance!

    Can anyone help me?

  • OBIEE 11.1.1.7 external database authentication fails with hashed passwords.

    Hi .
    I use an external database ( Oracle database 11g  release 11.2.0.1.0) to authenticate user with OBIEE 11.1.1.7.
    I configured  SQL Authentication provider as my provider ,It works OK with :enabled  Plaintext Passwords Enabled option and password  is stored as plain text.
    But It fails when I disable this option and want to authenticate with hashed passwords.It gives Authenticate Denied error.
    In Provider Specific tab there are some parameters which might need changes:
    1-Password Algorithm:??
    2-Password Style:??
    3-SQL Get Users Password:SELECT U_PASSWORD FROM USERS WHERE U_NAME = ?
    How can I find correct values for options 1 and 2 form my external database?
    And Is it need to rewrite query in option 3 ?
    Please find attach files.

    Hi,
    I too faced same issue when I was installing OBIEE 11.1.1.7.0 on windows7 64bit.
    Please refer the below links.
    http://satyaobieesolutions.blogspot.in/2013/05/configuration-action-creating-domain.html
    http://satyaobieesolutions.blogspot.in/2013/05/obiee-111170-simplesoftware-installation.html
    http://satyaobieesolutions.blogspot.in/2012/06/obiee-11.html
    Hope this help's
    Thanks,
    Satya

  • With Cisco Secure ACS For Windows TACACS+, authentication fails with AD

      I am setting up a Cisco Secure ACS 4.2 server to act as a TACACS server for Switches and Routers  I am using Windows 2003 server for the ACS,
    and a Windows 2003 Active Directory server.  The AD server is fine, as it is used for many other things.
    I have set up ACS as defined nit he installation guide, including all the steps in the 'Member Server' section of the install guide
    when using AD as an external database (i.e. setting up the services to run with a domain admin account, setting up a machine called 'CISCO'
    on the domain etc).
    I've set the unknown user policy to use the Windows database if the internal database doesn;t contain the user details.
    If I add a user to the internal database, the authentication goes through fine, with an entry in the 'Passed Authentications' log,
    02/24/2010,05:07:03,Authen failed,eXXXX,Network Administrators(NDG) ,X.X.X.X,(Default),Internal error,,(geting error message as INternal Error)
    I've scoured google etc, and just cannot come up with any reason why this should be happening.
      I've followed all the install guides to the letter.  I need to get this up and running as soon as possible,
    so am looking forward to finding out if anyone can help me with this one!
    THanks and regards
    Sharan

    Hi  Jesse,
    Thasts a great answer and Soution.
    My previous version was 4.2 and it was installed on 64 bit machine hence getting internal Error.
    After this answer i have upgraded it to ACS4.2.1 and its started working fine
    Thanks very much for the help
    Dipu

  • Time Machine Fails with New Internal HDD

    After vertical lines began proliferating on the screen of my iMac (intel core duo, late 2006 running Leopard 10.5.8), my Apple tech swapped it for a "similar" iMac, running the same OS, and dumped the contents of the original HDD onto the much larger new one. However, instead of an intel, the swap got me one of the original iMac G5 PPCs made in early 2006. After several days of having to reinstall software and other awful adjustments, the biggest problem is accessing Time Machine and having it continue with the new set-up (I gave the new HDD the same name as the old one).
    I can enter Time Machine but it remains static and I can not access any previous backups the usual way... I can click open the external drive (LaCie 1TB, Mac OS Extended, case-sensitive, journaled) and copy files if need be. It is filled only at 1/4 capacity.
    While doing that, I noticed in the backup list a last document "2011-11-01-024657.inProgress" at 3:47am followed by an alias folder "Latest" with the time stamp of 1:47am. I take it that 3:47am backup was interrupted when the iMac was shut down.
    I turned on Time Machine yesterday to get backups restarted but the first backup "failed." Now that the computer is different, will I have to reformat the LaCie to engage TM once more? Partition for two backup sets? For any of these options, I'd appreciate a step-by-step.
    Thank you too much!

    ClarkCom wrote:
    I can enter Time Machine but it remains static and I can not access any previous backups the usual way
    By default, Time Machine only shows the backups for the Mac it's running on.  To see the backups for a different one, you need the Browse... option, per #E2 in Time Machine - Troubleshooting.
    I can click open the external drive (LaCie 1TB, Mac OS Extended, case-sensitive, journaled)
    That's not a problem, and is the default when you let Time Machine format a backup drive.
    I noticed in the backup list a last document "2011-11-01-024657.inProgress" at 3:47am followed by an alias folder "Latest" with the time stamp of 1:47am. I take it that 3:47am backup was interrupted when the iMac was shut down.
    Correct. 
    I turned on Time Machine yesterday to get backups restarted but the first backup "failed."
    That could be any of a number of things.  See #C2 in the Troubleshooting article.  It will show you how to locate the message(s) that describe the problem, then help you fix it.    If that doesn't help, post back with details, including all the messages.
    Now that the computer is different, will I have to reformat the LaCie to engage TM once more?
    Depending on the space available, maybe, and it may be wise anyway.  Time Machine will start a new set of backups for the new Mac, so will need lots of room.  Worse, when the backup disk gets full, it will not delete the oldest backups from the old Mac to make room -- it will delete the oldest backups from the new one, instead.  (That's been fixed in Snow Leopard and Lion, but not Leopard.)

  • ITunes Library on External HD used with new OS install?

    Hi All.
    Macbook OS Update:  I'm planning on performing an OS erase and install of my newly purchased copy of Snow Leopard. But I've got quite an extensive iTunes library that's stored on an external hard drive. I've pointed iTunes to the drive and it now works as it should (if a little slow).
    Question is, how to perform the OS install and retain all of the iTunes library intact?
    Do I just point iTunes on my freshly OS installed Macbook to the music library on my external HD? Is it the same procedure as when migrating the library to an external HD - holding down the ALT key when iTunes is loading and then choosing a destination for iTunes to source content?
    I want to avoid having rip all of my CD's again!
    Any pointers welcome.

    Yetizone wrote:
    Question is, how to perform the OS install and retain all of the iTunes library intact?
    copy the entire iTunes folder (not just the iTunes music or media folder) to an external HD or thumb drive
    perform your erase & install
    copy the iTunes folder from the external to <Macintosh HD>/users/<yourname>/music on the new install (replacing the one already there)
    connect the external with your media files
    fire up iTunes

  • Using External Boot Drive with New Intel Mac Mini

    I have a 1st Gen MacMini and use an external 7200 RPM Lacie drive as the system boot drive along with all the applications.
    If I were to purchase a new Intel Mac Mini, is it possible to use the current external drive as the system drive or is there some conversion steps that would be necessary ?
    Thank you.

    You can use the hardware, but will have to repartition and reinstall the OS from the disk shipped with the new Mac Mini.
    http://docs.info.apple.com/article.html?artnum=303220
    If you create a disk image of the Lacie on your Mini, you can later use setup assistant to restore users and applications from that image.

  • External monitor issues with new OS

    Since switching to the new OS Lion I can't get my external monitor to work through my Toshiba docking station.  It used to work??

    I have to use an external monitor with my macbook pro because the screen stopped working a couple months ago. I think the problem with the screen is just a loose connection for the light source because the computer works fine otherwise.  The repair people in town say that it's a bad logic board which will cost 700 euros to fix so I've been using it closed with the monitor and a bluetooth keyboard and trackpad.  I installed 10.9.2 the other day because I had been using 10.6.8 and there was some software I wanted to use but it needed 10.7 or later. I just assumed 10.9 was safe or better than 10.7 or 10.8 and I didn't do any research or even try to buy or DL them because the links on the apple site led me to 10.9 and I just blindly followed.  So NOW when I open the lid to my macbook pro, the menu at the top of the monitor goes gray and the monitor flicks off for a second, and when it comes back all the running applications have vanished from the desktop, (all the open windows) and I can't type, scroll, mouse.  When I close the lid it works ok, but I really like the isight camera and I think the microphone is better than the one on my external camera, so it was nice to still be able to use them.
    I chatted with someone at apple for a while and he told me to erase my HD and install it again. He said the problems were because I installed it on top of an old OS and that a fresh install will fix all the problems.  I have an empty partition on my mbp and I'm about to try to install on that drive and see if it makes a difference, but I don't totally trust that guy.  I read the transcript of the chat and he gave me a lot of conflicting info.  Does anyone know if it makes a difference to install os 10.9.2 on a totally blank drive, or will the problems on the other partition corrupt everything else?

  • Wiki-Server, authentication fails with iPad

    Hello everybody,
    I have made a clean installation of OS X Server.
    I see a strange behavior with Wiki. When I try to authenticate with the iPad it says: "Failed to log in sucessfully" ?? I can, however access the Wikis that are "publicly" available without any issue, but what about the "hidden" ones?!
    When I use the Macbook, Firefox on a PC, or the iPhone then it's all fine. Authentication works as expected.
    Am I missing here something?

    I have this exact issue in my school, massively annoying being as we have a 1:1 rollout of over a thousand iPads and had invested considerable time developing resources on the wiki, and now, the only device it doesn't work on, is the same device that we have given to all our pupils.
    Charles

  • 6.1 SP 2 certificate authenticator fails with Apache plugin and SSL

    Hi,
    Does anybody have a certificate authenticator working in WebLogic 6.1
    SP 2, in combination with the Apache HTTP Server plugin and SSL?
    We implemented a certificate authenticator that works correctly in
    WebLogic 6.1 SP 2 when we configure SSL with "Client Certificate
    Required", and access it directly from a browser (the browser hits the
    SSL port of the WebLogic server, like 7002).
    This certificate authenticator also works correctly with a proxy web
    server. We set up a Stronghold server (web server based on Apache) on
    Linux with the Apache HTTP Server plugin from BEA, configured the
    plugin to use SSL, and configured our WebLogic 6.1 SP 1 server without
    "Client Certificate Required". The certificate authenticator gets the
    end user's certificate correctly.
    This same architecture with the proxy web server does not work when we
    upgrade the WebLogic Server to SP 2. WebLogic Server logs the
    "incorrect or missing client cert" error, our certificate
    authenticator is never called, and the browser gets a 401 Unauthorized
    error.
    We looked all over the WebLogic 6.1 SP 2 installation for a newer
    version of the plugin (mod_wl_ssl.so) and found the same version as SP
    1. We double-checked that it was the Linux-specific installer
    (because we'd found that some Linux libraries are missing from the
    generic installer). So it appears to us that the plugin encodes the
    certificate in the request header in such a way that a SP 1 server can
    extract it, but an SP 2 server cannot. We were wondering whether
    there might be changes to the plugin to stay in step with the SP 2
    server that never got ported to Linux, or whether an updated Linux
    plugin never got included in the installer packages.
    So: has anybody gotten a system like
    Apache/Stronghold + WebLogic Plugin <-- SSL --> WebLogic 6.1 SP 2 +
    Cert Auth
    to work?
    Thanks in advance for any help,
    Jim Doyle
    [email protected]

    A correction, I think:
    Now that I rolled back a system to 6.1 SP 1, it looks like 6.1 SP 1
    does include a different mod_wl_ssl.so from that in SP 2. I believe I
    was comparing the wrong file. In fact, trying to compare versions of
    the mod_wl_ssl.so makes things rather confusing:
    A mod_wl_ssl.so from a straight weblogic610sp2_generic.zip install has
    a cksum of "1853014778 1132467".
    A mod_wl_ssl.so from a weblogic610sp1_generic.zip install with a
    subsequent SP 2 upgrade install has a cksum of "1350917183 1147927".
    A mod_wl_ssl.so from a plain 6.1 install with subsequent SP 1 and SP 2
    upgrade installs, followed by an SP 2 uninstall and another SP 1
    upgrade install, has a cksum of "1471948065 1136501".
    I think I may be looking at three different plugin versions here: 6.1,
    6.1 SP 1, and 6.1 SP 2, assuming the upgrade installs don't actually
    change mod_wl_ssl.so. I'm not sure whether there's an easier way to
    verify what version of the plugin you have.
    In any case, we did try each plugin version, and none of them works
    against a 6.1 SP 2 WebLogic server.
    Jim
    [email protected] (Jim Doyle) wrote in message news:<[email protected]>...
    [snip]
    We looked all over the WebLogic 6.1 SP 2 installation for a newer
    version of the plugin (mod_wl_ssl.so) and found the same version as SP
    1. We double-checked that it was the Linux-specific installer
    (because we'd found that some Linux libraries are missing from the
    generic installer). [snip]

Maybe you are looking for

  • Windows Error after automatic shut down

    My notebook shuts itself down automatically when it is left unattended. It seems to be hibernating and I have pressed the ON switch to turn it off. When I turn it on again, I get a Windows Error, the one with the "Send Report/Don't Send Report" messa

  • ORA-01722: Error while executing query in Query Designer

    Hi All; I am getting the below error while executing a query ORA-01722: invalid number Error reading the data of InfoProvider Error while reading data; navigation is possible Have anyone encountered this before? How do i resolve this? Thanks! ~ Arun

  • Cannot display the text in Hyp Planning via ODI

    Hi, has anyone follow the tutorial from John Goodwin here: "http://john-goodwin.blogspot.com/2008/10/odi-getting-text-data-into-planning.html" ?? I'd tried the tutorial in order to able to display text in Planning. However, I still cannot display the

  • Differences in Background jobs and Dialog jobs

    Hi everyone, I am new to SAP and would like a little clarification regarding what is meant by Background jobs and Dialog jobs/processes. We had a situation at our client location where the system got completely bogged down to the point that it almost

  • Project Freezes on Mac

    Thanks to everyone who posted an answer about making files invisible. I appreciate the help. I have one more challenge. I have created a project that calls for .mov files (among other things) to run within it. Everything works great on PCs, but on MA