Seeburger : DECRYPTION ERROR
Hi guys,
I'm having the following error :
I'm using Seeburger AS2 adapter and I'm trying to receive a message from an external partner.
I've the corresponding configs on the sender agreement from the external partner:
sender agreement
Sender Configuration
Authentication Certificate : \AS2\testPartner
Receiver Configuration
Decryption Key: \AS2\testMykey
Signing Key: \AS2\testMyKey
And I'm getting the following error
Error while parsing AS2 message: DECRYPTION_ERROR # Error while loading decryption certificate: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: There is no key entry with such alias in keystorecom.seeburger.ediint.edi.EDIMessageException: cannot decrypt message (certificate or private key missing)
I've tried several certificates, generated other keys but the error is always the same....
It seems that the alias is not found? But it's there...
Does anyone had the same problem?
Hi Peter,
Thanks for your quick response.
I'll restart the J2EE Engine and I'll give you feedback. Thanks for remembering.
I've noticed that you used on the receiver agreement the partnersKey for the encryptionCertificate. It was a mistake, right?
"receiver agreement:
Signing Key: TRUSTED/AS2/AS2myKey
Encryption Certificate: TRUSTED/AS2/partnersKey
Authentication Certificate: TRUSTED/AS2/AS2myKey"
it should be
"receiver agreement:
Signing Key: TRUSTED/AS2/partnersKey
Encryption Certificate: TRUSTED/AS2/AS2myKey
Authentication Certificate: TRUSTED/AS2/AS2myKey"
Right?
Again, thanks for your quick reply.
P.S. - I'll give you feedback on the other threads. I'm doing stress tests with my external partner, and literally stressed tests
Similar Messages
-
I am using Entourage and followed all the instructions above and still getting IMAP Server error. Error msg:Security failure. Data decryption error.
-
InternalError: DES Decryption error
**PLEASE HELP** I recenty did an extension update from MCE 1.2.1 to 1.2.2 for both the 1.2.2 framework and provider. It resolved my previous ExceptionInInitializerError of 'Cannot set up certs for trusted CAs.' I'm now getting an InternalError or "DES Decryption error
at com.marconi.soc.util.Des3.decrypt (Des3.java:114)
at com.marconi.soc.util.Crypt3.decrypt (Crypt3:java:51)
and so on.
This occurs after starting Openview's NNM which is integrated with Marconi's NMS app, ServiceOn Data (ver2.2).
I'm not a software or java person so I desperately need some expert help from this forum.
I believe we're using jre 1.2 thru 1.4 ( each NMS app uses a different jre version, I think). It all worked fine before the JCE expired.Hi,
MDN (Message Disposition Notifications) is nothing but an Exchange Level acknowledgement. MDN ensures the sender of the document that the recipient has successfully received the document. The sender specifies how the MDN is to be sent back (either synchronously or asynchronously, and signed or unsigned). MDN provides the "Non-repudiation" element of AS2
In case, recipient is able to read the received message successfully a success MDN is sent back otherwise a failed MDN is sent back. Not getting any MDN back also indicates a failure.
Ask your tp to check the information he/she received in MDN.
Regards,
Anuj -
Packet Encryption/Decryption error
This error message is from a site-to-site VPN router. The whole error message is like:
Aug 11 00:37:22.725 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:39:05.192 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:39:53.961 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Aug 11 00:40:55.447 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
Does anybody see/handle this type of error before ? The explaination in the CCO for this error message does not help much. What is the 'status=4610' ? I also see the status number can be 4612 and 4613.
I also noticed the "ah_auth_failure:" in "sh cry eng accelerator statistic " increase by one each time I got this error in the syslog
Thanks in advanceXuam,
what was the fix to your problem. I am getting exact same problem.
Alphonse -
I'm trying to set up an internet pay and go account with BTyahoo. However, once I've connected, my ibook won't go to the registration page... it just says "Security Failure. Data Decryption Error" BTYahoo say it must be a mac problem but I've no idea what to do about it.
Perhaps I need to change some security setting on my iBook?
Any help would be very appreciated!
Thanks.
OS X Mac OS X (10.4.2) It might be an OS X 10.3 or 10.4. Can't remember.seenfromabove, Welcome to the discussion area!
What browser are you using? Try a different one. For example if you are using Safari, try Firefox or Netscape. -
SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
Hello everybody,
I am tryining to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. The private key of us and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authetication" and selected appropriate entries in "Keystore Entry" and "Keystore View".
Whenever I send a message through the channel I am getting though an error during the SSL handshake: Decrypt error.
Below is the SSL debug log
ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
ssl_debug(15): Received v3 server_hello handshake message.
ssl_debug(15): Server selected SSL version 3.1.
ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...
ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(15): CompressionMethod selected by server: NULL
ssl_debug(15): Server does not supports secure renegotiation.
ssl_debug(15): Received certificate handshake message with server certificate.
ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(15): Received certificate_request handshake message.
ssl_debug(15): Accepted certificate types: RSA, DSA
ssl_debug(15): Accepted certificate authorities:
ssl_debug(15): CN=XXXXXXXXXXXXXXXXXXXXXXXX
ssl_debug(15): CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
ssl_debug(15): CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
ssl_debug(15): Received server_hello_done handshake message.
ssl_debug(15): Sending certificate handshake message with RSA client certificate...
ssl_debug(15): Sending client_key_exchange handshake...
ssl_debug(15): Sending certificate_verify handshake message...
ssl_debug(15): Sending change_cipher_spec message...
ssl_debug(15): Sending finished message...
ssl_debug(15): Received alert message: Alert Fatal: decrypt error
ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
ssl_debug(15): Shutting down SSL layer...
My first assumption was that it might be caused by missing public key of other side's server in the TrustedCAs view. Now I have assured that we have this key installed (although I am currious why there is still the "ChainVerifier: No trusted certificate found" message in the log).
Does somebody have an idea what could cause this SSL handshake failure?
Best regards,
MaximThe XPI inspector gave more understanding of the situation. It shows which certificates the remote server is sending, which client certificate is used for authentication and many other topics. Interesting enough the XPI inspector shows that PI trusts the server key whereas the NWA log at the very same time tells that it doesn't. I have posted an OSS message asking to explain why there is this discrepancy.
-
EAP_TLS not successful, getting X509 decrypt error - certificate signature failure
Hi
I am trying EAP-TLS authentication on ACS 5.1.
I have placed the Root CA of the device certitifcate on ACS.
But getting this error.
OpenSSLErrorMessage=SSL alert
code=0x233=563 ; source=local ; type=fatal ; message="X509 decrypt error - certificate signature failure"
OpenSSLErrorStack= 3055889312:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2649
Can anyone help in debugging the issue, is it problem with Device's root CA certificate or anything else
ThanksHi Smita,
Similar post but with ISE:
https://supportforums.cisco.com/thread/2135392
Are we using SHA 2 certs anywhere here?
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html#wp157364
ACS 5.2 supports SHA 256.
Rate if useful -
WEP Key decrypt error + Symbol 9060
I have a WLC 4400 running ver 3.2.150.6. The LAP is a 1242AG-A-K9. I am getting this error message on the wireless controller log when I try and use my Symbol 9060 RF units the message is:
WEP Key decrypt error. Station MAC Address is 00:a0:f8:ba:b5:36, Base Radio MAC is 00:19:a9:0f:d7:90 and Slot ID is 0.
My setup is WPA using 802.1x and the units do authenicate but then after a random period the users lose their sessions. Actually doesnt seem to matter whether I am using WPA or WEP, i still drop. I havent had this problem with the fat APs. Any ideas?Cisco is saying the WEP error is a known bug and its a fake message, so that is probably not what is causing the drops. When the clients first started dropping I also noticed another error message but it hasnt show back up till today when i put more client guns back in use. the error is:
WPA MIC Error counter measure activated on Radio with MAC 00:19:a9:0f:bd:80 and Slot ID 0. Station MAC Address is 00:a0:f8:d2:34:98 and WLAN ID is 1.
Any thoughts? -
We have WPA2 clients and WLC4402, why is the controller reporting this error message. Does anyone know ? It doesn't seem to effect the connection but I'm just concerning.
Tue May 9 12:47:20 2006 WEP Key decrypt error. Station MAC Address is xx:xx:xx:xx:xx:xx, Base Radio MAC is xx:xx:xx:xx:xx:xx and Slot ID is 1.Hi
We are using 802.1x and 104 bit WEP to authenticate against a ACS Server
(LEAP)
Sporadically we are also getting the same errormessage muliple times:
Wed Nov 1 12:09:01 2006--WEP Key decrypt error. Station MAC Address is 00:40:96:b1:d1:01, Base Radio MAC is 00:0b:85:71:21:01 and Slot ID is 1.
Wed Nov 1 12:05:01 2006--WEP Key decrypt error. Station MAC Address is 00:40:96:b1:d1:01, Base Radio MAC is 00:0b:85:71:21:01 and Slot ID is 1.
It seesms that this error-essage are dieplayed in different configuration cenarios.
Does anyone know what exactly the reason is for this error message is.
(Execpt for the Cisco docu statement "Notification sent when the controller detects a WEP decrypting error.")
Best Regards
Jarle -
Hi
We've got a wireless implementation with Wisms and 1142 LAPs and for a while we've been getting decrypt errors and like other posts here say, I've been ignoring them because they haven't been disconnecting clients but now they are getting disconnected. Errors like the one below seem to be causing the client to be disconnecting:
Decrypt error occurred for client 'xx:xx:xx:xx:xx:xx' using 'WPA' key on '802.11b/g' interface of AP 'xx'. - Controller Name: WLC-1
Its happened to 3 out of 5 laptops in one location plus an iPhone 3GS in another location, all the laptops are the same model and on the same versions of of drivers.
We're on 6.0.188.0.
Any suggestions on what to do?
ThanksHi Megz,
This is cosmetic :)
DECRYPT_ERROR_FOR_WRONG_WPA_WPA2
MIB Name
CISCO-LWAPP-DOT11-CLIENT-MIB. CiscoLwappDot11ClientKeyDecryptError.
WCS Message
Decrypt error occurred at AP with MAC "{0}" running TKIP with wrong WPA/WPA2 by client with MAC "{1}."
Symptoms
The controller detects that a user is trying to connect with an invalid security policy for WPA/WPA2 types.
WCS Severity
Minor.
Probable Causes
The user failed to authenticate and join the controller.
Recommended Actions
None.
http://www.cisco.com/en/US/docs/wireless/wcs/4.1/configuration/guide/wcsevent.html#wp1150053
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddf95ef/0#selected_message
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbf340f
Hope this helps!
Rob -
I am exposing a stateless Session bean as a webservice and have setup truststore/keystore to allow clients access using 2-way SSL. Recently one of the clients beagn to get TLS Alert 51 - Decrypt Error during the SSL handshake, right after "HANDSHAKEMESSAGE: CertificateVerify". Other clients of 2-way SSL don't appear to have any issues.
Has anyone seen this?
Thanks
Peter
some SSl debug follows:
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLTrustValidator returns: 0>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Trust status (0): NONE>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange RSA>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <isMuxerActivated: false>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 SSL3/TLS MAC>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 received HANDSHAKE>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: CertificateVerify>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <NEW ALERT with Severity: FATAL, Type: 51
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ServerStateReceivedClientKeyExchange.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <write ALERT, offset = 0, length = 2>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <close(): 7828>
####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLIOContextTable.removeContext(ctx): 9723897>I too am struggling with SSL but I was given some help by BEA. This does not help me since It seems like the proxy jar I download from the WS Home Page wants to go directly to the JPD not the jws. This example of two way SSL should work for you. I am including the Main class but not the generated files it refers to. I don't know how to attach files to the news groups. The key thing it to make use of the adapters. The Impl and Port are part of the downloaded proxy.
public static void main(String[] args) throws Exception {
// set weblogic ServiceFactory
System.setProperty("javax.xml.rpc.ServiceFactory", "weblogic.webservice.core.rpc.ServiceFactoryImpl");
// set weblogic client protocol handler
System.setProperty("java.protocol.handler.pkgs", "weblogic.webservice.client");
// set the SSL adapter
SSLAdapterFactory adapterFactory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) adapterFactory.getSSLAdapter();
// two-way SSL you must loadLocalIdentity to provide certs back to the server
FileInputStream clientCredentialFile = new FileInputStream ("./client/clientcred.pem");
String pwd = "canpass";
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
adapter.setVerbose(true);
adapter.setTrustedCertificatesFile("./config/ca1024.pem");
adapter.setStrictChecking(false);
adapterFactory.setDefaultAdapter(adapter);
adapterFactory.setUseDefaultAdapter(true);
String a = null;
if (args.length < 1) {
a = "Sample String";
} else {
a = args[0];
ToUpper_Impl lookup = new ToUpper_Impl();
ToUpperPort value = lookup.gettoUpperPort();
String result = value.toUpper(a);
System.out.println(result);
} -
Hi everybody,
I got this trap massage on WLC.
The client failed to communicate, it was still associated wiht WLC though.
the trap massage log is blow
"Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"
My wirelss environmet is containing WLC2106(5.2) 1131AG, clinet using ADU(v4.4)
Thanks.We use Dynamic wep key, EAP-TTLS / PEAP.
I attach the output.
WLAN Identifier.................................. 1
Profile Name..................................... kssl
Network Name (SSID).............................. kssl
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
--More-- or (q)uit
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 10.10.9.44 1812
Authentication................................ 10.10.9.45 1812
Accounting.................................... 10.10.9.44 1813
Accounting.................................... 10.10.9.45 1813
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Enabled
--More-- or (q)uit
Encryption:..................................... 104-bit WEP
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Disabled
Client MFP.................................... Optional but inactive (WPA2 no
t configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Mobility Anchor List
WLAN ID IP Address Status
Thank you. -
WLC 4.0.217.0 reporting Decrypt Errors
Hi,
My customer is using Cisco WLC 4402 running 4.0.217.0 and is reporting that Wireless clients are getting disconnected and reconnected every half hour and when I check for the trapslog I get the following error messages.
Decrypt errors occurred for client 00:19:d2:76:2e:7e using WPA2 key on 802.11b/g interface of AP 0 0:1a:30:2e:c2:b0
AP's Interface:1(802.11a) Operation State Down: Base Radio :00:1a:30:2e:be:90 Cause=Heartbeat
Timeout
I have checked for known issues but couldn't find any pertaining the issue or error message.
Could someody help or share any info to find way out to troubleshoot as what is causing this issue.
Thanks in advance.so we are now after disabling PEAP fast reconnect seeing tons of these errors. this is the trigger point that started creating these messages. prior to the disabling of the PEAP fast reconnect, we had clients who anywhere from 10-60 minutes would get kicked off associations with their AP. then within 1-3 seconds a reconnect would occur. a cisco TAC case engineer recommended that we take off PEAP fast reconnect.
here is the snmp-trap logs from the controller and our controller is running the following:
Software Version 4.2.112.0
System Name XXXWLC01
Up Time 7 days, 20 hours, 28 minutes
System Time Tue Jul 1 12:54:54 2008
Internal Temperature +33 C
802.11a Network State Disabled
802.11b/g Network State Enabled
Default Mobility Group apples
log output:
Tue Jul 1 12:45:05 2008 Decrypt errors occurred for client 00:19:d2:60:a1:71 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:62:20
1 Tue Jul 1 12:44:34 2008 Decrypt errors occurred for client 00:1d:e0:74:3c:b5 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2d:1a:00
2 Tue Jul 1 12:44:33 2008 Decrypt errors occurred for client 00:16:6f:6b:38:23 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:60:10
3 Tue Jul 1 12:44:13 2008 Client Association Failure: Client MAC Address:00:13:ce:c3:81:d3, AP Base Radio MAC:00:1c:f9:2d:1a:00, Slot: 0, Reason:Unspecified, ReasonCode: 1
4 Tue Jul 1 12:43:52 2008 Decrypt errors occurred for client 00:16:6f:96:f8:98 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:62:a0
5 Tue Jul 1 12:43:48 2008 Decrypt errors occurred for client 00:1d:e0:32:5b:cb using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:26:40
6 Tue Jul 1 12:43:33 2008 Decrypt errors occurred for client 00:15:00:22:d8:31 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:bf:d0
7 Tue Jul 1 12:43:28 2008 Decrypt errors occurred for client 00:15:00:43:10:5a using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:97:c0
8 Tue Jul 1 12:43:28 2008 Decrypt errors occurred for client 00:19:d2:27:75:c0 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:5b:50
9 Tue Jul 1 12:43:19 2008 Decrypt errors occurred for client 00:18:de:cf:68:f1 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:cb:e0
10 Tue Jul 1 12:43:19 2008 Decrypt errors occurred for client 00:18:de:d5:39:f2 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:cb:e0
11 Tue Jul 1 12:42:58 2008 Decrypt errors occurred for client 00:18:de:cf:85:0d using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:c3:00
12 Tue Jul 1 12:42:51 2008 Decrypt errors occurred for client 00:1d:e0:76:79:27 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:5e:80
13 Tue Jul 1 12:42:35 2008 Decrypt errors occurred for client 00:1b:77:0b:c0:d6 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:78:c0
14 Tue Jul 1 12:42:33 2008 Decrypt errors occurred for client 00:1b:77:0b:d8:4f using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:60:10
15 Tue Jul 1 12:42:31 2008 Decrypt errors occurred for client 00:16:6f:8f:52:cc using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:0c:f0 -
Decrypt Errors occuring in WLC Log
Hi all,
we see a strange message in our WLC logs, which occurs quite often (>10 times a day):
Decrypt errors occurred for client [MAC-Adress] using WPA key on 802.11b/g interface of AP [MAC-Adress]
The MAC-Adresses of the affected clients are varying as well as the APs reporting the error.
The clients are Notebooks, Cisco IP-Phones and Nokia-DualBand-Phones.
Even more frequently we see the following message in the log:
%ETHOIP-3-PING_TRANSMIT_FAILED: ethoip_ping.c:227 send_eoip_ping: Failed to tx Ethernet over IP ping rc=5.
We use TKIP as Encryption and EAP-Fast as well as LEAP as Authentication (Cisco ACS).
The WLC is an 2106, the APs are 1242AG.
We don't recognize any problems placing calls or talking over these phones. It's just these messages in the log that concern me.
Anyone else got these messages (and hopefully fixed them :))
Greets,
SebastianHi Everyone, you can count me in as well for getting the decrypt errors. However the only difference is that I'm not using WPA on the network that this is happening on. The wlan that is reporting this for me is just a simple WEP key. I'm thinking this is related to encryption since TKIP is also based on RC4. I also have other WLANS where I use WPA2 Enterprise with AES (PEAP MS-CHAPv2) and I do not see the decrypt errors for those clients. Also, to further expand on this I haven't noticed any client problems either. Maybe this is a bug that doesn't cause denial of service. I'd love to get rid of them though! This is with a 4402 WLC and 1242AG AP's...
-
Decrypt Errors on WLC version 7
Hello
I am seeing a lot of the following showing up in the WLC trap log:
Decrypt errors occurred for client <CLIENT-MAC> using WPA2 key on 802.11b/g interface of AP 00:17:0f:81:ad:90
I have done a fair amount of searching about and I cant seem to find a clear explanation for this message. Could someone suggest what might be causing these issues and how to resolve them?
For refernce we are using WLC runninn 7.0.98 and ACS 4.0
Thanks in advance.Its a fair range of clients across several APs in the building. I havent got an exact list of
clients but I know its both old and new Lenovo/IBM laptops as well as Macbooks and Macbook Pros.
Our APs are the 1131AGs if that helps.
Maybe you are looking for
-
Stock transport order with BAPI_PO_CREATE1
Hi, can anybody give me an advice how to use the function BAPI_PO_CREATE1 to create stock transport orders? I´m getting some errors when I run it. Here is my test data I have used: poheader-comp_code: NO10 poheader-doc_type: UB poheader-langu: EN poh
-
How Can I execute a java program using java code?
{color:#000000}Hello, i am in great trouble someone please help me. i want to execute java program through java code i have compiled the java class using Compiler API now i want to execute this Class file through java code please help me, thanks in a
-
BD64 - Distribute Model View error?
Hi, Expert: when I distribute model view using BD64. the following error message comes: "Target system is an external System. It does not support this function." what's the problem? thanks
-
Hi All, Currently my Company have 3 module implemented in our production system MM, FI, HR and plan to implement new module PM. I'd like to know what technical things should I prepared for that plan. Such how much space should i reserve or somethin
-
Can Open Hub Destinations be used with Multiproviders?
We're looking to export data from a multiprovider, using Open Hub Destinations, however when I try to create the OHD, Multiprovider does not show up as an object type. I've tried entering Infocube, but then when I search for the multiprovider, it is