IOS 6.0.1 - Problems with certificate based authentication on wireless access point

Hi all
We have been using iPad 2s as order terminals in our shops for about 5 months. Some of the iPads (the first ones to enter the field) have now started to cause problems. These iPads are no longer able to keep a long-term connection to the wireless access point in our stores. After selecting the SSID, a successful authentication using the stored EAP-TLS certificate is performed (this can be seen in the log files of our wireless controller and by the IP address that is given by DHCP). But within seconds the affected iPads open a captive portal page (empty, without contents) and drop the connection to the SSID again after a short time.
Affected are currently only iPad 2s with iOS 6.0.1, which were staged about 5 months ago. The newer devices with iOS 6.1+ connect without problems and open no captive portal page. The first cases occurred last Wednesday. Before that everything worked without difficulty. No modifications took place on the security structure. The number of affected devices increased until all iOS 6.0.1 devices were affected.
Access to other SSIDs (without use of certificates, by entering a key) is still possible for the devices (the devices do not open a captive portal page). The DHCP scope is not used up, so there are enough IP addresses available.
"Newer iPads" with iOS 6.1+ are showing no problems on the same wireless access point where the older devices are rejected. New and old devices use the same certificates and authentication mechanisms.
In the analysis of the issue, it turned out that the problem can be solved by an update to iOS 6.1.3. Subsequently, the iPads will be able to rebuild a connection with the access point, without a captive portal page.
Since the bandwidth in our stores is dimensioned very narrowly, the communication of the iPads was severely restricted. Thus, the iPads are, for example, accessible for the APNS but cannot find iOS updates or check for their availability.
A comprehensive update to iOS 6.1.3 is currently excluded.
Does anyone know this issue? What else can be done (apart from updating)?

I will answer my own question in case it helps anyone else.
It would "seem" the iOS 6 devices try the proxy and if that is not working they resort to the def gateway.
To fix it I did the following:
The Brocade WiFi network has IPS and Advanced Firewall rules that seemed to be thwarting some traffic; the iPhones would then try the default gateway and be blocked at the FW.
I disabled the IPS and the Advanced Firewall Settings on the wifi as they are redundant to our main IPS and firewall that all traffic flows through anyway. I will tune it later, but when the CEO is demanding a fix "**** the security, full speed ahead"
Created some rules on the firewall to allow...
- IMAP-SSL (port 993) outbound
- SMTPS (port 465) to Yahoo servers outbound
- tcp port 587 to Yahoo servers outbound
- https to Akamai servers
Most http and https goes through the proxy as it should, BUT...
It seems that the Akamai traffic always ignores the wifi proxy settings and just heads straight for the default gateway. I suspect there is a bug in the iCloud app?
Hope this helps someone else.
-Bo

Similar Messages

  • ActiveSync with Certificate-Based Authentication

    We are trying to setup ActiveSync with certificate-based authentication against Exchange 2010 SP2, but with no luck.
    What has been done so far:
    OWA over https works fine. A public, trusted certificate is in place.
    Setup ActiveSync against this Exchange server: works fine, using user name/password.
    Issued a user cert, signed with an internal CA, CA-cert successfully imported into all client devices.
    Created a new OWA-site with cert-based authentication (just to make sure it works), imported user certificate into a mac, visit this OWA site - cert-based authentication works fine.
    Now, with the configuration utility, created configuration profile with that user cert and an ActiveSync account, left password blank and chose the imported cert (p12) as authentication means.
    After installing that last profile the device keeps asking for a password and refuses to synchronize. Logs on the server show error 401.2, so I assume iPhone is ignoring the cert and is trying to use password-authentication instead.
    The devices tested were iPhone 3G with IOS 4 and iPad 2 with IOS 5.
    Any help will be greatly appreciated.
    Roman.

    No-one with this experience?
    We've done some network analysis (as much as was possible to decrypt) and could see, that the server sends an SSL-Alert (rejection?) to the client after the client presents the certificate.
    That explains why the client falls back to password-authentication, but it does not tell us why the server rejects the cert (that is accepted perfectly when accessed from a browser) in the first place.

  • MfE with Certificate Based Authentication on E6

    Hello,
    I've been trying to setup MfE on my E6 but I can't find a way to configure it to use a personal certificate, I even tried using "Nokia Configuration Tool" but it tells me that my device does not support MfE with Certificate Based Authentication, I get "Invalid Credentials" when using a username & password.
    I get the same error on both Anna and Belle.
    Any help would be appreciated.
    Thanks

    Better give the MfE configuration in detail.
    Also please advise if the server is a real Microsoft Exchange Server or a third-party mail service such as Gmail or Live.
    bbao

  • Exchange 2010 SP3 OWA with certificate based authentication

    Hi,
    I have a bizarre problem in my customer’s environment. Maybe someone has an idea.
    Exchange 2010 with SP3, latest cumulative Update installed.
    The problem I’m having is that when I enable Certificate based authentication (require client certificate option in IIS) on OWA and ECP virtual directories in conjunction with forms based authentication (this is the requirement – the user must have a client certificate and type in username and password to log in to OWA), the result is that after the user selects the certificate he wants to use, he is logged into OWA automatically, but cannot use the website, because it’s being constantly automatically refreshed (or redirected to itself or something like that). The behavior occurs with all users, with any browser. If client certificate is on required, forms based authentication works just fine. If I switch to “Basic Authentication” and enable client certificate requirement, then OWA acts as it should – so no problems. The problem only occurs when authentication type is forms based and client certificates are required.
    I have tried the exact same settings (as far as I can tell) on one other production server and one test server, and encountered no such problems.
    Anyone – any ideas?

    Hi McWax,
    According to your description and test, I understand that all accounts cannot login OWA when select require client certificate.
    Is there any error message when open OWA or login? For example, return error ”HTTP error: 403 - Forbidden”. Please post relative error for further troubleshooting.
    I want to confirm which authentication methods are used for OWA, Integrated Windows authentication or Digest authentication? More details about it, for your reference:
    http://technet.microsoft.com/en-us/library/bb430796(v=exchg.141).aspx
    If you select another authentication method, please check whether Client Certificate Mapping Authentication services is installed, and also enabled in IIS, please refer to:
    http://www.iis.net/configreference/system.webserver/security/authentication/clientcertificatemappingauthentication
    To prevent firewall factor, please try to sign in OWA at CAS server. Besides, I find a FAQ about certificate:
    http://technet.microsoft.com/en-us/library/aa998424(v=exchg.80).aspx
    Best Regards,
    Allen Wang

  • Exchange 2013 - How to configure Outlook Anywhere with certificate based authentication?

    Hello,
    is it possible to secure Outlook Anywhere in Exchange 2013 with certificate based authentication?
    I found documentation to configure CBA for OWA and ActiveSync, but not for Outlook Anywhere.
    We would like to secure external access to the mailboxes via Outlook by using CBA.
    Thanks a lot in advance!
    Regards,
    André

    Hi,
    Let’s begin with the answer in the following thread:
    http://social.technet.microsoft.com/Forums/en-US/e4b44ff0-4416-44e6-aa78-be4c1c03f433/twofactor-authentication-outlook-anywhere-2010?forum=exchange2010
    Based on my experience, the Outlook client only has the following three authentication methods: Basic, NTLM, Negotiate. And for more information about Security for Outlook Anywhere, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/bb430792(v=exchg.141).aspx
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • IOS 4.2.1 breaks web-based authentication to wifi access points

    Whenever I tried to access the *wifi access points* I use more often *whose authentication is web-based*, like the one at my public library or at my office, although I input my username and password correctly, I am always bounced back to the login form.
    Before iOS 4.2.1 I know that there was a problem of this sort already, related to *some incompatibility between Safari's auto-fill features and the access points*, that could be solved by simply turning off auto-fill, and I did that. But now *it looks like the problem got to a new level of subtlety*.
    Interestingly, *everything worked nicely while I was using the Gold Master version of iOS 4.2.0* that never made it to release, so the solution has to be found among the differences between 4.2.0 and 4.2.1, if you're an Apple engineer reading this.
    Can you help? Any idea or trick to try that I didn't already? Thanks!
    Giacecco

    Hi Richard,
    You mentioned that 'Apple put the AirPrint spec out there for all printer makers'. I've been looking around but I haven't found any spec. Where did you find it?
    Do printer makers have to buy a license in order to be able to advertise that they've implemented the AirPrint protocol? Is there maybe an Apple review process in place?
    TIA
    Geert

  • Problems with static IP from TP-Link Access Point

    Hello Guys!
    I'm new to Apple - I have had a MacBook Pro Mid 2012 for 2 weeks.
    Everything's running fine and I'm really happy with the MacBook - except for the wifi.
    I have the problem that the internet connection only works temporarily; sometimes it works for just 1 minute, then it stops. I'm still connected to the wifi, with no connection drop. Websites just don't load, or only load halfway.
    I can't find a solution for it, so please help me.
    I connected a TP-Link tl-wa801nd with an Ethernet cable to our company's network, creating a wifi access point that I can connect to with my devices (MacBook Pro, iPhone and Win7 PC).
    I have to give my devices a static IP when I want to connect to it:
    IP: 192.168.0.151 - 192.168.0.199
    Subnet mask: 255.255.255.0
    Router and DNS: 192.168.0.1
    These preferences work perfectly with the iPhone, Win 7 PCs and some friends' Android or BB phones. No problems.
    Except for the MacBook Pro:
    I have the newest Mavericks on it and the same network preferences (except for an ascending IP address and the search domain 192.168.0.1).
    But like I said above, the network only works temporarily, sometimes for 1 minute, then stops for 10 minutes... The problem must be the MacBook, because every other device is working fine.
    Thanks for your helpful answers
    banana-benjiro

    Hello banana-benjiro,
    Thanks for using Apple Support Communities.
    For more information on this, take a look at:
    Safari 5.0.1 or later: Slow or partial webpage loading, or webpage cannot be found
    http://support.apple.com/kb/ts3408
    Best of luck,
    Mario

  • Problem with creating an Infrastructure Network (via Access Point) for WLS 9163.

    Hi,
    I am trying to connect the WLS 9163 to an Infrastructure Network (via an Access Point). I have connected it via an Ethernet cable and am using MAX to configure it.
    The setting are as below:
    Obtain IP Address through: DHCP
    Country: US
    Radio On: Yes
    SSID: wireless (selected from drop down implying the wireless network is detected)
    Wireless Mode: Infrastructure
    Authentication: Open
    After doing these settings, I click on Save Settings. The device reboots itself and takes the IP address, Subnet mask and default Gateway automatically. The WLS link LED on the device is also turned on. The System State is 'Connected' and both the Wired and Wireless Connection Status is shown as 'UP'.
    So far so good.
    Now if I remove the wired connection and refresh the device, it does not get connected via wireless (which I believe it ideally should). The System State is shown as Disconnected. 
    I am using a Phoenix Contact WAP and have set the authentication as Open. 
    Please suggest some solution.  

    I had this exact same problem and it took me a while to figure out. As strange as this sounds, I figured out that for some reason if I had the WLS-9163 too close to the router and I pulled the wired connection, the wireless connection could drop. I read on a post in a different forum about someone removing their antenna and it working just fine so I tried that and it worked off and on but mostly off. So I figured out that the further distance away I was the better the connection stability was and I got far enough away from the router to where it was a steady solid wireless connection. This sounds really backwards from what it should be and was really bizarre but I tried different routers, used all different types of settings, had the latest firmware and had all of the equipment sitting on my desk and could not get it working once I removed the wired connection. This may not solve your problem but this worked for me so I thought I'd share that info. I was just so shocked to figure out being too close to the router seemed to be screwing my stuff up.

  • What are steps configure Certificate based authentication for Wireless clients with ACS 5.3?

    I need to authenticate my clients connecting via wireless.
    The clients have user certificates installed on them; I need help configuring the ACS to do the authentication.
    Can someone please help me with the steps?
    Thanks

    Two primary steps
    - define the trust certificates needed to verify the clients user certificates
    Users and Identity Stores > Certificate Authorities
    - change the result of the identity policy to select a certificate authorization profile. If you have the default config
    Access Policies > Access Services > Default Network Access > Identity
    by default can select the "CN Username" as a result

  • Surface Pro 3 with AIR-AP1042N-N-K9 Wireless Access Point

    I am trying to connect two recently purchased Microsoft Surface Pro 3 windows 8.1 tablets to a cisco AIR-AP1042N-N-K9 (firmware 15.2(4)JA1) wireless access point. The tablet asks for the wlan password then displays 'can't connect to network'. I am able to connect to the AP using other Win 8.1 devices using WPA2-Personal + TKIP. The Surface Pro 3s connect to other wlans using other access points.
    Please would you help.

    Thank you man that *REALLY* worked!
    Regards,
    Stefano.
    pcroak wrote:
    Stefano,
    The 521 series AP can operate in lightweight or standalone mode. If your AP currently has the lightweight image on it we can convert it using tftp. (I suspect it does, as the part number AIR-LAP indicates lightweight while AIR-AP is typically standalone)
    The best way to confirm is to check the cdp neighbor details for the AP software version (or login to the AP console and issue a "show version").
    If the software has "k9w7" in the name, that is standalone. If it has "k9w8" then it is lightweight. When operating in lightweight you will not be able to telnet/ssh or go to the AP web page.
    To convert your AP to standalone, please follow the procedure found here:
    http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918
    -Patrick Croak
    Wireless TAC

  • Certificate based authentication with iOS Client

    Hello experts,
    I have a question regarding the certificate based authentication in SAP Mobile Documents. With the Android Client it is "easily" possible to use certificate based authentication by just sending the user certificate to the Android device (using mail, MDM or whatever).
    For the iOS App it is written that the user has to sync the certificate to the device using iTunes sync. Is this really the only possibility to bring the certificate to the iOS device so that the App can use it? I have successfully tested by adding the certificate using iTunes, but I cannot make it work using MDM to push the certificate to the device. SAP Mobile Documents just can't see the installed certificate.
    Am I doing something wrong here?
    Thanks for your help.
    Ernst

    Hi, I don't think this is supported on iOS right now. Something for future ....

  • SSO Certificate-based authentication problem

    Hello,
    I have successfully configured certificate-based authentication, and I am able to authenticate with a user certificate that I created with OCA which is stored in the user's profile in OID. Here lies my problem, it seems as if the authentication module (ssomappernickname) only validates against the first certificate stored in the user's profile(userCertificate attribute). This is after I add another certificate to the user's profile. Below is the problem I am describing during my tests:
    Order of certificates stored in user's profile.
    1. valid cert, invalid cert -> successful authentication
    2. invalid cert, valid cert -> unsuccessful authentication (it should STILL be successful here)
    Shouldn't the SSO authentication module search each binary certificate in the multi-value attribute for the correct certificate? Or is there some LDAP control that I need to set in order to get this problem solved? Basically, I need to be able to let users perform certificate authentication against multiple certificates in their profiles.

    For the benefit of anyone finding this, in my case this problem was resolved by reimporting my internal CA's Cert into the ASA.
    I suspect I had inadvertently imported an expired CA Cert into the ASA and this rather un-informative error 1838 is trying to tell you this. 

  • Problem with File Based replication in Weblogic Express 10

    Hi,
    We have a Web application (exploded war) file deployed on Weblogic Express 10, to a Cluster of three Managed Servers (all three on different physical machines).
    We are using File based session persistence in weblogic.xml
    We have a shared location for all the three servers where we will be sharing the Session data.
    When we start the application, it works fine and is very fast, but after some time the application slows down.
    Troubleshooting the issue we found that it's a problem with file based replication. By using File based replication every user session is stored in the form of a directory inside the shared directory. So after some time thousands of directories are created inside the shared directory where the session information is stored. So when we access the application, it's waiting for a lot of time with the message Session Monitor .... (this is because it's browsing through the shared session storage directory for a lot of time for session information as it has a lot of directories) and finally after a long time like 10 mins we get the Application Home Page.
    When we clean up all the saved sessions inside the shared directory, the application works fine, but we will see the same some time later, maybe after 3 or 4 hours, when the shared session directory has a lot of session information stored in it.
    Is there a way to clean up the saved session information on the file system as soon as that user session is closed by using file based replication?
    We cannot use In-memory replication as our Appl doesn't support it.
    Please advise as it is a major show stopper in our Production Mirror env.
    Weblogic Consultant

    It is possible to reduce the number of live sessions by configuring a very low timeout-secs in weblogic.xml. Default is 60 minutes.
    More details are here..
    http://e-docs.bea.com/wls/docs100/webapp/weblogic_xml.html#wp1071982
    Jayesh
    Yagna Sys

  • Certificate based authentication with sender SOAP adapter. Please help!

    Hi Experts,
       I have a scenario where first a .Net application makes a webservice call to XI via SOAP Adapter. Then the input from the .Net application is sent to the R/3 system via RFC adapter.
    .Net ---> SOAP ---> XI ---> RFC ---> R/3 System
    Now as per client requirement I have to implement certificate based authentication in the sender side for the webservice call. In this case the .Net application is the "client" and XI is the "server". In other words the client has to be authenticated by XI server. In order to accomplish this I have setup the security level in the SOAP sender channel as "HTTPS  with client authentication". Additionally I have assigned a .Net userid in the sender agreement under "Assigned users" tab.
    I have also installed the SSL certificate in the client side. Then generated the public key and loaded it into the XI server's keystore.
    When I test the webservice via SOAPUI tool I am always getting the "401 Unauthorized" error. However if I give the userid/password for XI login in the properties option in the SOAPUI tool then it works fine. But my understanding is that in certificate based authentication, the authentication should happen based on the certificate and hence there is no need for the user to enter userid/password. Is my understanding correct? How to exactly test  certificate based authentication?
    Am I missing any steps for certificate based authentication?
    Please help
    Thanks
    Gopal
    Edited by: gopalkrishna baliga on Feb 5, 2008 10:51 AM

    Hi!
    Although soapUI is a very good SOAP testing tool, you can't test certificate based authentication with it. There is no way (as far as I know) to import a certificate into soapUI.
    So, try to find another tool which can use certificates, or try it directly with the sender system.
    Peter

  • Problem with replication based on materialized view

    Problem with replication based on materialized view...
    Given:
    1. Source: S-1
    2. Targets: T-1, T-2
    3. DB links: from T-1 to S-1, from T-2 to S-1
    Required replicate table TBL on S-1 to T-1, T-2 via db links.
    On S-1 was created materialized view log with PK on TBL. On T-1, T-2 were created mat.views as "on prebuilt table refresh fast on demand". In case of get "ORA-12034: materialized view log younger than last refresh" or initial load - perform complete refresh. Initial load on T-1 takes about 1 hour, on T-2 - about 12 hours. Refresh is executed via job with minutely interval. If refresh is running then it is not performed.
    Problem: after initial load on T-1 performs fast refresh, but on T-2 raised ORA-12034 and complete performs again.
    What's wrong?

    34MCA2K2, Google lover?
    I confess perhaps I gave a little info.
    View log was created before MV.
    It was the first initial load.
    No refresh failed.
    No DDL.
    No purge log.
    Not warehouse.
    There is no such behavior for MVs on another sites.
    P.S. I ask for help from someone who knows what's wrong or who has faced it or can point me to a useful link.
    P.P.S. It's a pity that there is no button "Useless answer"
