Seeburger : DECRYPTION ERROR

Similar Messages

• HT4864 I am using Entourage and followed all the instructions above and still getting IMAP Server error.  Error msg:Security failure.  Data decryption error.

  I am using Entourage and followed all the instructions above and still getting IMAP Server error.  Error msg:Security failure.  Data decryption error.

• InternalError: DES Decryption error

  **PLEASE HELP** I recenty did an extension update from MCE 1.2.1 to 1.2.2 for both the 1.2.2 framework and provider. It resolved my previous ExceptionInInitializerError of 'Cannot set up certs for trusted CAs.' I'm now getting an InternalError or "DES Decryption error
  at com.marconi.soc.util.Des3.decrypt (Des3.java:114)
  at com.marconi.soc.util.Crypt3.decrypt (Crypt3:java:51)
  and so on.
  This occurs after starting Openview's NNM which is integrated with Marconi's NMS app, ServiceOn Data (ver2.2).
  I'm not a software or java person so I desperately need some expert help from this forum.
  I believe we're using jre 1.2 thru 1.4 ( each NMS app uses a different jre version, I think). It all worked fine before the JCE expired.

  Hi,
  MDN (Message Disposition Notifications) is nothing but an Exchange Level acknowledgement. MDN ensures the sender of the document that the recipient has successfully received the document. The sender specifies how the MDN is to be sent back (either synchronously or asynchronously, and signed or unsigned). MDN provides the "Non-repudiation" element of AS2
  In case, recipient is able to read the received message successfully a success MDN is sent back otherwise a failed MDN is sent back. Not getting any MDN back also indicates a failure.
  Ask your tp to check the information he/she received in MDN.
  Regards,
  Anuj

• Packet Encryption/Decryption error

  This error message is from a site-to-site VPN router. The whole error message is like:
  Aug 11 00:37:22.725 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
  Aug 11 00:39:05.192 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
  Aug 11 00:39:53.961 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
  Aug 11 00:40:55.447 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
  Does anybody see/handle this type of error before ? The explaination in the CCO for this error message does not help much. What is the 'status=4610' ? I also see the status number can be 4612 and 4613.
  I also noticed the "ah_auth_failure:" in "sh cry eng accelerator statistic " increase by one each time I got this error in the syslog
  Thanks in advance

  Xuam,
  what was the fix to your problem. I am getting exact same problem.
  Alphonse

• 'Data Decryption Error'

  I'm trying to set up an internet pay and go account with BTyahoo. However, once I've connected, my ibook won't go to the registration page... it just says "Security Failure. Data Decryption Error" BTYahoo say it must be a mac problem but I've no idea what to do about it.
  Perhaps I need to change some security setting on my iBook?
  Any help would be very appreciated!
  Thanks.
  OS X   Mac OS X (10.4.2)   It might be an OS X 10.3 or 10.4. Can't remember.

  seenfromabove, Welcome to the discussion area!
  What browser are you using? Try a different one. For example if you are using Safari, try Firefox or Netscape.

• SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error

  Hello everybody,
  I am tryining to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. The private key of us and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authetication" and selected appropriate entries in "Keystore Entry" and "Keystore View".
  Whenever I send a message through the channel I am getting though an error during the SSL handshake: Decrypt error.
  Below is the SSL debug log
  ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
  ssl_debug(15): Received v3 server_hello handshake message.
  ssl_debug(15): Server selected SSL version 3.1.
  ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...
  ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
  ssl_debug(15): CompressionMethod selected by server: NULL
  ssl_debug(15): Server does not supports secure renegotiation.
  ssl_debug(15): Received certificate handshake message with server certificate.
  ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
  ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
  ssl_debug(15): Received certificate_request handshake message.
  ssl_debug(15): Accepted certificate types: RSA, DSA
  ssl_debug(15): Accepted certificate authorities:
  ssl_debug(15):   CN=XXXXXXXXXXXXXXXXXXXXXXXX
  ssl_debug(15):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(15):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(15): Received server_hello_done handshake message.
  ssl_debug(15): Sending certificate handshake message with RSA client certificate...
  ssl_debug(15): Sending client_key_exchange handshake...
  ssl_debug(15): Sending certificate_verify handshake message...
  ssl_debug(15): Sending change_cipher_spec message...
  ssl_debug(15): Sending finished message...
  ssl_debug(15): Received alert message: Alert Fatal: decrypt error
  ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
  ssl_debug(15): Shutting down SSL layer...
  My first assumption was that it might be caused by missing public key of other side's server in the TrustedCAs view. Now I have assured that we have this key installed (although I am currious why there is still the "ChainVerifier: No trusted certificate found" message in the log).
  Does somebody have an idea what could cause this SSL handshake failure?
  Best regards,
  Maxim

  The XPI inspector gave more understanding of the situation. It shows which certificates the remote server is sending, which client certificate is used for authentication and many other topics. Interesting enough the XPI inspector shows that PI trusts the server key whereas the NWA log at the very same time tells that it doesn't. I have posted an OSS message asking to explain why there is this discrepancy.

• EAP_TLS not successful, getting X509 decrypt error - certificate signature failure

  Hi
  I am trying EAP-TLS authentication on ACS 5.1.
  I have placed the Root CA of the device certitifcate on ACS.
  But getting this error.
  OpenSSLErrorMessage=SSL alert
  code=0x233=563 ; source=local ; type=fatal ; message="X509 decrypt error - certificate signature failure"
  OpenSSLErrorStack=  3055889312:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2649
  Can anyone help in debugging the issue, is it problem with Device's root CA certificate or anything else
  Thanks

  Hi Smita,
  Similar post but with ISE:
  https://supportforums.cisco.com/thread/2135392
  Are we using SHA 2 certs anywhere here?
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html#wp157364
  ACS 5.2 supports SHA 256.
  Rate if useful

• WEP Key decrypt error + Symbol 9060

  I have a WLC 4400 running ver 3.2.150.6. The LAP is a 1242AG-A-K9. I am getting this error message on the wireless controller log when I try and use my Symbol 9060 RF units the message is:
  WEP Key decrypt error. Station MAC Address is 00:a0:f8:ba:b5:36, Base Radio MAC is 00:19:a9:0f:d7:90 and Slot ID is 0.
  My setup is WPA using 802.1x and the units do authenicate but then after a random period the users lose their sessions. Actually doesnt seem to matter whether I am using WPA or WEP, i still drop. I havent had this problem with the fat APs. Any ideas?

  Cisco is saying the WEP error is a known bug and its a fake message, so that is probably not what is causing the drops. When the clients first started dropping I also noticed another error message but it hasnt show back up till today when i put more client guns back in use. the error is:
  WPA MIC Error counter measure activated on Radio with MAC 00:19:a9:0f:bd:80 and Slot ID 0. Station MAC Address is 00:a0:f8:d2:34:98 and WLAN ID is 1.
  Any thoughts?

• WEP Key decrypt error

  We have WPA2 clients and WLC4402, why is the controller reporting this error message. Does anyone know ? It doesn't seem to effect the connection but I'm just concerning.
  Tue May 9 12:47:20 2006 WEP Key decrypt error. Station MAC Address is xx:xx:xx:xx:xx:xx, Base Radio MAC is xx:xx:xx:xx:xx:xx and Slot ID is 1.

  Hi
  We are using 802.1x and 104 bit WEP to authenticate against a ACS Server
  (LEAP)
  Sporadically we are also getting the same errormessage muliple times:
  Wed Nov 1 12:09:01 2006--WEP Key decrypt error. Station MAC Address is 00:40:96:b1:d1:01, Base Radio MAC is 00:0b:85:71:21:01 and Slot ID is 1.
  Wed Nov 1 12:05:01 2006--WEP Key decrypt error. Station MAC Address is 00:40:96:b1:d1:01, Base Radio MAC is 00:0b:85:71:21:01 and Slot ID is 1.
  It seesms that this error-essage are dieplayed in different configuration cenarios.
  Does anyone know what exactly the reason is for this error message is.
  (Execpt for the Cisco docu statement "Notification sent when the controller detects a WEP decrypting error.")
  Best Regards
  Jarle

• Decrypt error

  Hi
  We've got a wireless implementation with Wisms and 1142 LAPs and for a while we've been getting decrypt errors and like other posts here say, I've been ignoring them because they haven't been disconnecting clients but now they are getting disconnected. Errors like the one below seem to be causing the client to be disconnecting:
  Decrypt error occurred for client 'xx:xx:xx:xx:xx:xx' using 'WPA' key on  '802.11b/g' interface of AP 'xx'. - Controller Name: WLC-1
  Its happened to 3 out of 5 laptops in one location plus an iPhone 3GS in another location, all the laptops are the same model and on the same versions of of drivers.
  We're on 6.0.188.0.
  Any suggestions on what to do?
  Thanks

  Hi Megz,
  This is cosmetic :)
  DECRYPT_ERROR_FOR_WRONG_WPA_WPA2
  MIB Name
  CISCO-LWAPP-DOT11-CLIENT-MIB. CiscoLwappDot11ClientKeyDecryptError.
  WCS Message
  Decrypt error occurred at AP with MAC "{0}" running TKIP with wrong WPA/WPA2 by client with MAC "{1}."
  Symptoms
  The controller detects that a user is trying to connect with an invalid security policy for WPA/WPA2 types.
  WCS Severity
  Minor.
  Probable Causes
  The user failed to authenticate and join the controller.
  Recommended Actions
  None.
  http://www.cisco.com/en/US/docs/wireless/wcs/4.1/configuration/guide/wcsevent.html#wp1150053
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddf95ef/0#selected_message
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbf340f
  Hope this helps!
  Rob

• Decrypt Error using 2-way SSL

  I am exposing a stateless Session bean as a webservice and have setup truststore/keystore to allow clients access using 2-way SSL. Recently one of the clients beagn to get TLS Alert 51 - Decrypt Error during the SSL handshake, right after "HANDSHAKEMESSAGE: CertificateVerify". Other clients of 2-way SSL don't appear to have any issues.
  Has anyone seen this?
  Thanks
  Peter
  some SSl debug follows:
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLTrustValidator returns: 0>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Trust status (0): NONE>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange RSA>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <isMuxerActivated: false>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 SSL3/TLS MAC>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 received HANDSHAKE>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: CertificateVerify>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <NEW ALERT with Severity: FATAL, Type: 51
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ServerStateReceivedClientKeyExchange.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
       at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
       at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
       at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
  >
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <write ALERT, offset = 0, length = 2>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <close(): 7828>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLIOContextTable.removeContext(ctx): 9723897>

  I too am struggling with SSL but I was given some help by BEA. This does not help me since It seems like the proxy jar I download from the WS Home Page wants to go directly to the JPD not the jws. This example of two way SSL should work for you. I am including the Main class but not the generated files it refers to. I don't know how to attach files to the news groups. The key thing it to make use of the adapters. The Impl and Port are part of the downloaded proxy.
  public static void main(String[] args) throws Exception {
  // set weblogic ServiceFactory
  System.setProperty("javax.xml.rpc.ServiceFactory", "weblogic.webservice.core.rpc.ServiceFactoryImpl");
  // set weblogic client protocol handler
  System.setProperty("java.protocol.handler.pkgs", "weblogic.webservice.client");
  // set the SSL adapter
  SSLAdapterFactory adapterFactory = SSLAdapterFactory.getDefaultFactory();
  WLSSLAdapter adapter = (WLSSLAdapter) adapterFactory.getSSLAdapter();
  // two-way SSL you must loadLocalIdentity to provide certs back to the server
  FileInputStream clientCredentialFile = new FileInputStream ("./client/clientcred.pem");
  String pwd = "canpass";
  adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
  adapter.setVerbose(true);
  adapter.setTrustedCertificatesFile("./config/ca1024.pem");
  adapter.setStrictChecking(false);
  adapterFactory.setDefaultAdapter(adapter);
  adapterFactory.setUseDefaultAdapter(true);
  String a = null;
  if (args.length < 1) {
  a = "Sample String";
  } else {
  a = args[0];
  ToUpper_Impl lookup = new ToUpper_Impl();
  ToUpperPort value = lookup.gettoUpperPort();
  String result = value.toUpper(a);
  System.out.println(result);
  }

• Decrypt errors issue

  Hi everybody,
  I got this trap massage on WLC.
  The client failed to communicate, it was still associated wiht WLC though.
  the trap massage log is blow
  "Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"
  My wirelss environmet is containing WLC2106(5.2) 1131AG, clinet using ADU(v4.4)
  Thanks.

  We use Dynamic wep key, EAP-TTLS / PEAP.
  I attach the output.
  WLAN Identifier.................................. 1
  Profile Name..................................... kssl
  Network Name (SSID).............................. kssl
  Status........................................... Enabled
  MAC Filtering.................................... Disabled
  Broadcast SSID................................... Disabled
  AAA Policy Override.............................. Disabled
  Network Admission Control
  NAC-State...................................... Disabled
  Quarantine VLAN................................ 0
  Number of Active Clients......................... 0
  Exclusionlist.................................... Disabled
  Session Timeout.................................. 1800 seconds
  CHD per WLAN..................................... Enabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ management
  WLAN ACL......................................... unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  --More-- or (q)uit
  Quality of Service............................... Silver (best effort)
  WMM.............................................. Disabled
  CCX - AironetIe Support.......................... Disabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  IPv6 Support..................................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  Radius Servers
  Authentication................................ 10.10.9.44 1812
  Authentication................................ 10.10.9.45 1812
  Accounting.................................... 10.10.9.44 1813
  Accounting.................................... 10.10.9.45 1813
  Local EAP Authentication......................... Disabled
  Security
  802.11 Authentication:........................ Open System
  Static WEP Keys............................... Disabled
  802.1X........................................ Enabled
  --More-- or (q)uit
  Encryption:..................................... 104-bit WEP
  Wi-Fi Protected Access (WPA/WPA2)............. Disabled
  CKIP ......................................... Disabled
  IP Security Passthru.......................... Disabled
  Web Based Authentication...................... Disabled
  Web-Passthrough............................... Disabled
  Conditional Web Redirect...................... Disabled
  Splash-Page Web Redirect...................... Disabled
  Auto Anchor................................... Disabled
  H-REAP Local Switching........................ Disabled
  H-REAP Learn IP Address....................... Enabled
  Infrastructure MFP protection................. Disabled
  Client MFP.................................... Optional but inactive (WPA2 no
  t configured)
  Tkip MIC Countermeasure Hold-down Timer....... 60
  Mobility Anchor List
  WLAN ID IP Address Status
  Thank you.

• WLC 4.0.217.0 reporting Decrypt Errors

  Hi,
  My customer is using Cisco WLC 4402 running 4.0.217.0 and is reporting that Wireless clients are getting disconnected and reconnected every half hour and when I check for the trapslog I get the following error messages.
  Decrypt errors occurred for client 00:19:d2:76:2e:7e using WPA2 key on 802.11b/g interface of AP 0 0:1a:30:2e:c2:b0
  AP's Interface:1(802.11a) Operation State Down: Base Radio :00:1a:30:2e:be:90 Cause=Heartbeat
  Timeout
  I have checked for known issues but couldn't find any pertaining the issue or error message.
  Could someody help or share any info to find way out to troubleshoot as what is causing this issue.
  Thanks in advance.

  so we are now after disabling PEAP fast reconnect seeing tons of these errors. this is the trigger point that started creating these messages. prior to the disabling of the PEAP fast reconnect, we had clients who anywhere from 10-60 minutes would get kicked off associations with their AP. then within 1-3 seconds a reconnect would occur. a cisco TAC case engineer recommended that we take off PEAP fast reconnect.
  here is the snmp-trap logs from the controller and our controller is running the following:
  Software Version 4.2.112.0
  System Name XXXWLC01
  Up Time 7 days, 20 hours, 28 minutes
  System Time Tue Jul 1 12:54:54 2008
  Internal Temperature +33 C
  802.11a Network State Disabled
  802.11b/g Network State Enabled
  Default Mobility Group apples
  log output:
  Tue Jul 1 12:45:05 2008 Decrypt errors occurred for client 00:19:d2:60:a1:71 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:62:20
  1 Tue Jul 1 12:44:34 2008 Decrypt errors occurred for client 00:1d:e0:74:3c:b5 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2d:1a:00
  2 Tue Jul 1 12:44:33 2008 Decrypt errors occurred for client 00:16:6f:6b:38:23 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:60:10
  3 Tue Jul 1 12:44:13 2008 Client Association Failure: Client MAC Address:00:13:ce:c3:81:d3, AP Base Radio MAC:00:1c:f9:2d:1a:00, Slot: 0, Reason:Unspecified, ReasonCode: 1
  4 Tue Jul 1 12:43:52 2008 Decrypt errors occurred for client 00:16:6f:96:f8:98 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:62:a0
  5 Tue Jul 1 12:43:48 2008 Decrypt errors occurred for client 00:1d:e0:32:5b:cb using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:26:40
  6 Tue Jul 1 12:43:33 2008 Decrypt errors occurred for client 00:15:00:22:d8:31 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:bf:d0
  7 Tue Jul 1 12:43:28 2008 Decrypt errors occurred for client 00:15:00:43:10:5a using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:97:c0
  8 Tue Jul 1 12:43:28 2008 Decrypt errors occurred for client 00:19:d2:27:75:c0 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:5b:50
  9 Tue Jul 1 12:43:19 2008 Decrypt errors occurred for client 00:18:de:cf:68:f1 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:cb:e0
  10 Tue Jul 1 12:43:19 2008 Decrypt errors occurred for client 00:18:de:d5:39:f2 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:cb:e0
  11 Tue Jul 1 12:42:58 2008 Decrypt errors occurred for client 00:18:de:cf:85:0d using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:c3:00
  12 Tue Jul 1 12:42:51 2008 Decrypt errors occurred for client 00:1d:e0:76:79:27 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:5e:80
  13 Tue Jul 1 12:42:35 2008 Decrypt errors occurred for client 00:1b:77:0b:c0:d6 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:78:c0
  14 Tue Jul 1 12:42:33 2008 Decrypt errors occurred for client 00:1b:77:0b:d8:4f using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:60:10
  15 Tue Jul 1 12:42:31 2008 Decrypt errors occurred for client 00:16:6f:8f:52:cc using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:0c:f0

• Decrypt Errors occuring in WLC Log

  Hi all,
  we see a strange message in our WLC logs, which occurs quite often (>10 times a day):
  Decrypt errors occurred for client [MAC-Adress] using WPA key on 802.11b/g interface of AP [MAC-Adress]
  The MAC-Adresses of the affected clients are varying as well as the APs reporting the error.
  The clients are Notebooks, Cisco IP-Phones and Nokia-DualBand-Phones.
  Even more frequently we see the following message in the log:
  %ETHOIP-3-PING_TRANSMIT_FAILED: ethoip_ping.c:227 send_eoip_ping: Failed to tx Ethernet over IP ping rc=5.
  We use TKIP as Encryption and EAP-Fast as well as LEAP as Authentication (Cisco ACS).
  The WLC is an 2106, the APs are 1242AG.
  We don't recognize any problems placing calls or talking over these phones. It's just these messages in the log that concern me.
  Anyone else got these messages (and hopefully fixed them :))
  Greets,
  Sebastian

  Hi Everyone, you can count me in as well for getting the decrypt errors. However the only difference is that I'm not using WPA on the network that this is happening on. The wlan that is reporting this for me is just a simple WEP key. I'm thinking this is related to encryption since TKIP is also based on RC4. I also have other WLANS where I use WPA2 Enterprise with AES (PEAP MS-CHAPv2) and I do not see the decrypt errors for those clients. Also, to further expand on this I haven't noticed any client problems either. Maybe this is a bug that doesn't cause denial of service. I'd love to get rid of them though! This is with a 4402 WLC and 1242AG AP's...

• Decrypt Errors on WLC version 7

  Hello
  I am seeing a lot of the following showing up in the WLC trap log:
  Decrypt errors occurred for client <CLIENT-MAC> using WPA2 key on 802.11b/g interface of AP 00:17:0f:81:ad:90
  I have done a fair amount of searching about and I cant seem to find a clear explanation for this message.  Could someone suggest what might be causing these issues and how to resolve them?
  For refernce we are using WLC runninn 7.0.98 and ACS 4.0
  Thanks in advance.

  Its a fair range of clients across several APs in the building.  I havent got an exact list of
  clients but I know its both old and new Lenovo/IBM laptops as well as Macbooks and Macbook Pros.
  Our APs are the 1131AGs if that helps.