Wireless authentication issues

Similar Messages

• Wireless Client Authentication issues when roaming Access Points (Local)

  I have a Cisco 5508 with Software version 7.4.121.0 and Field Recovery 7.6.101.1.
  There are a handful of clients that when roaming between AP's with the same SSID that get an authentication issue and have to restart the wireless to get back on.
  From Cisco ISE
  Event
  5400 Authentication failed
  Failure Reason
  11514 Unexpectedly received empty TLS message; treating as a rejection by the client
  Resolution
  Ensure that the client's supplicant does not have any known compatibility issues and that it is properly configured. Also ensure that the ISE server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ISE server certificate. It is strongly recommended to not disable the server certificate validation on the client!
  Root cause
  While trying to negotiate a TLS handshake with the client, ISE expected to receive a non-empty TLS message or TLS alert message, but instead received an empty TLS message. This could be due to an inconformity in the implementation of the protocol between ISE and the supplicant. For example, it is a known issue that the XP supplicant sends an empty TLS message instead of a non-empty TLS alert message. It might also involve the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
  I am having a hard time figuring out what is causing this. My assumption is if there were a problem with the Controller or AP configurations then it would happen to everyone. My further assumption is if the client had a problem with their laptop (windows 7) then why does work at other times? So I have checked and the ISE certificate is trusted by client.
  Is something happening that the previous access point is holding on to the mac and the return authentication traffic is going to the old AP instead of the new one or something like that which is corrupting the data?
  I also had this from Splunk for the same client:
  Mar 5 13:44:51 usstlz-piseps01 CISE_Failed_Attempts 0014809622 1 0 2015-03-05 13:44:51.952 +00:00 0865003824 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario
   FailureReason="12929 NAS sends RADIUS accounting update messages too frequently"
  Any help on this would be appreciated. These error messages give me an idea but doesn't give me the exact answer to why the problem occurred and what needs to be done to fix it.
  Thanks

  Further detail From ISE for the failure:
  11001
  Received RADIUS Access-Request
  11017
  RADIUS created a new session
  15049
  Evaluating Policy Group
  15008
  Evaluating Service Selection Policy
  15048
  Queried PIP
  15048
  Queried PIP
  15004
  Matched rule
  15048
  Queried PIP
  15048
  Queried PIP
  15004
  Matched rule
  11507
  Extracted EAP-Response/Identity
  12500
  Prepared EAP-Request proposing EAP-TLS with challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12301
  Extracted EAP-Response/NAK requesting to use PEAP instead
  12300
  Prepared EAP-Request proposing PEAP with challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12302
  Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
  12318
  Successfully negotiated PEAP version 0
  12800
  Extracted first TLS record; TLS handshake started
  12805
  Extracted TLS ClientHello message
  12806
  Prepared TLS ServerHello message
  12807
  Prepared TLS Certificate message
  12810
  Prepared TLS ServerDone message
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  11514
  Unexpectedly received empty TLS message; treating as a rejection by the client
  12512
  Treat the unexpected TLS acknowledge message as a rejection from the client
  11504
  Prepared EAP-Failure
  11003
  Returned RADIUS Access-Reject

• ACS 5.2 Authentication Issue with Local & Global ADs

  Hi I am facing authentication issue with ACS 5.2. Below is AAA flow (EAP-TLS),
  - Wireless Users >> Cisco WLC >> ADs <-- everything OK
  - Wireless Users >> Cisco WLC >> ACS 5.2 >> ADs <-- problem
  Last time I tested with ACS, it worked but didn't do migration as there'll be changes from ADs.
  Now my customer wants ACS migration by creating new Group in AD, I also update ACS config.
  For the user from the old group, authentication is ok.
  For the user from the new group, authentication fails. With subject not found error, showing the user is from the old group.
  Seems like ACS is querying from old records (own cache or database). Already restared the ACS but still the same error.
  Can anyone advice to troubleshoot the issue?
  Note: My customer can only access their local ADs (trusted by Global ADs). Local ADs & ACS are in the same network, ACS should go to local AD first.
  How can we check or make sure it?
  Thanks ahead,
  Ye

  Hello,
  There is an enhacement request open already:
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte92062
  ACS should be able to query only desired DCs
  Symptom:
  Currently on 5.0 and 5.1, the ACS queries the  DNS with the domain, in order to get a list of all the DCs in the domain  and then tries to communicate with all of them.If the connection to even one DC fails, then the ACS connection to the domain is declared as failed.A lot of customers are asking for a change on this behavior.
  It  should be possible to define which DCs to contact and/or make ACS to  interpret  DNS Resource Records Registered by the Active Directory  Domain Controller to facilitate the location of domain controllers.  Active Directory uses service locator, or SRV, records. An SRV record is  a new type of DNS record described in RFC 2782, and is used to identify  services located on a Transmission Control Protocol/Internet Protocol  (TCP/IP) network.
  Conditions:
  Domain with multiple DCs were some are not accessible from the ACS due to security/geographic constraints.
  Workaround:
  Make sure ALL DCs are UP and reachable from the ACS.
  At the moment, we cannot determine which Domain Controller on the AD the ACS will contact. The enhacement request will include a feature on which we can specify the appropriate the Domain Controllers the ACS should contact on a AD Domain.
  Hope this clarifies it.
  Regards.

• Wireless authentication to a windows network

  IF this is the wrong group please let me know and I will re-post...
  I am trying to solve some problems authenticating to a windows network using a airport card....
  I keep getting a non-trusted certificate message after/during the 802.x authentication box..We are not using certificates, at least that is what the admin tells me...so I have logged in as root, opened keychain and set the certifcates in question to trust always for all settings...I log out and then relogin as a normal network account and I still get the message which I can click continue and now I have access..
  the other problem is that my home folder will not mount...I have to mount it manually through the finder..I am assuming this is because the airport network services are not running until I authenticate locally with a cached password....Is there a way to have the login window authenticate through airport so I can have my home directory mount automatically...
  thanks for your help...

  unfortunately there are severla problems with the solution and it really doesn't address the issue. I can't mount the volume on the dock as it won't mount, probably because it is the server itself that has been mounted, not the shared home folder. Also it might create a conflict by having an alias to the home folder that would conflict with the auto mounted home folder when I use the ethernet as a connection source. What I have is a multi-purpose machine.
  1) I use a hardwired connect at my desk...
  2) If I need to go somewhere that a port in the wall is not active, I can then use a wirless connection which allows me access to everything I need....
  What I need to do is get this working so that the rest of the area can use it as well....
  So the question still remains: Does the wireless authentication not mount the home directory because it is not tied into the login window. For example, in a hardwired case I login to the system and this authenticates me and mounts my home folder. When I unplug the ethernet cable and turn on ariport and log off I login to the login window but the 802.x box comes up and asks for my password....which then brings up a not trusted certificate. Which I have tried everyhting I know to make this accepted by the system, including logging as root and going into keychain and setting it to be trusted. This DOES not work. I still get the untrusted certifcate message and the home directory does not mount. So what I need is someone who is authenticating to a windows network using wireless. I have followed all the 802.x suggestions which include using only peap to authenticate through.
  I hope someone can tell me how to stop the untrusted certificate error and how to mount the home directories. It would seem that there should be some type of setting to make airport startup prior to the login window or be hooked into the login window and pas that through to the wireless authentication. This is beyond my experience as you can see...
  thanks

• Secure wireless authentication

  I have just been reading all the posts about secure wireless access and I am
  not happy with the direction Novell has chosen to take.
  I have been extremely pleased with Netware, GroupWise & ZenWorks but Novell
  is starting to loose it's appeal.
  Let me summarize what I have learned and see if I have made any mistakes
  with my understanding.
  1. Novell has stopped development on their Radius server and have no plans
  to resume development.
  2. Novell contributed code to the open source FreeRadius project.
  http://www.novell.com/news/press/arc...2/pr05008.html
  3. There isn't any Radius server with 802.1x authentication that runs on
  Netware (Netware kernel).
  a. Novell's Radius server (BMAS or the newer NMAS server) doesn't do
  802.1x authentication.
  b. I have contacted Funk and this is their reply. Steel-Belted Radius
  Server will run on Windows and Solaris (Linux is coming).
  http://www.funk.com/News&Events/sbr_linux_pn.asp
  c. MTG House hasn't gotten back to me about a solution for Netware. (I
  am doubtful, I didn't find anything on their website.)
  4. You need to run a Radius server that does 802.1x authentication and will
  work/integrate with eDir.
  a. FreeRadius (Linux) will integrate with Edir.
  http://www.novell.com/documentation/...ius/index.html
  http://www.novell.com/coolsolutions/feature/15383.html
  b. Funk's Steel-Belted Radius server (Windows, Solaris & Linux is in
  beta).
  http://www.funk.com/radius/default.asp
  c. Aegis Server
  http://www.mtghouse.com/products/aeg...er/index.shtml
  5. You need a 802.1x Client to authenticate to a Radius server for wireless
  authentication.
  a. Microsoft has 802.1x support in their client. (read this from other
  posts in this forum)
  b. Novell isn't planning on putting 802.1x support in the NW Client.
  (read this from other posts in this forum)
  c. There are 2 Radius clients that integrate with the NW Client for
  Radius Edir authentication.
  1. Funk's Odyssey Client ($45 - $50 per workstation depending on
  quantity) + added annual maintenance costs.
  $2281.25 for 50 Client licenses & annual maintenance.
  http://www.funk.com/radius/wlan/wlan_c_radius.asp
  2. Aegis' Client ($32 - $39.99 per workstation depending on
  quantity) + added annual maintenance costs.
  $2240.00 for 50 Client licenses & annual maintenance.
  http://www.mtghouse.com/products/aeg...nt/index.shtml
  http://www.mtghouse.com/novell_app_note_122204.pdf
  3. When FreeRadius is integrated with Edir is this separate client
  still needed?
  I didn't see anything about a separate client being needed while
  reading the Integrating FreeRadius with Edir documentation.
  6. FreeRadius support is going to be built-in to the next version of Edir.
  http://www.novell.com/news/press/arc...2/pr05008.html
  Why didn't Novell contribute code to port FreeRadius to Netware?
  At this point in time they are still giving us a choice between the Netware
  kernel and the Linux kernel. To me that says they are willing to make
  things work with both systems until they drop support for the Netware
  kernel. Ok, so give me support for 802.1x authentication in the Netware
  kernel. I don't have stray single purpose servers floating around my
  network and I don't want to have to begin that practice just to get Radius
  802.1x authentication working.
  I also won't put my district at a disadvantage by upgrading to the Linux
  kernel until I know Linux well enough to administer it properly. I am the
  IT department at this district so I don't have a great deal of extra time to
  run about learning the new things I would LOVE to learn. I'm sure I'm not
  the only person in this situation so Novell should take these things into
  concideration before they just drop support for a product they say they are
  still supporting. Obviously all of the real support is going toward the
  Linux side at Novell.
  Daniel Blake
  Milford Central School

  Ok, I'll give them the benefit of the doubt and say fine the Netware kernel
  might as well be considered dead. So they are giving me support via
  FreeRadius if I just migrate to OES (Linux). Ok, I might/can live with that
  as a Novell decision.
  But that still doesn't explain why they don't give us some client to log in
  via 802.1x. Giving us the server but not the client is like giving us a
  locked door without a key. That's just plain stupid. I would rather stay a
  Netware - OES shop, but if Novell can't think something this simple through
  then I'm a little nervous about staying with them. What could they think up
  next?
  I guess Novell has decided to port all it's software to Windows cause it
  sucks so bad at business decisions. GroupWise & ZenWorks run completely on
  Windows now, so why do I need OES at all? Except for complexity &
  integration issues of course. I mean why would I need to purchase Edir for
  Windows if I didn't stay with OES? Or Nsure Identity Manager for that
  matter. So if we start looking deeper into this we see Marketing all over
  this thing. Novell Marketing has always done such a good job for Novell.
  Novell has given me a real choice that will work though. If I migrate
  completely to a Windows network it just works without any added costs. Heck
  it even makes my installs easier without having to install the NW Client on
  every new workstation. I can still run ZenWorks & GroupWise too.
  Now, how is Novell Marketing going to screw up and make me hate GroupWise &
  Zenworks so I migrate completely away from Novell products? Way to go
  Novell!
  Daniel Blake
  Milford Central School
  "Jim Michael" <[email protected]> wrote in message
  news:[email protected]...
  > mcsdtech wrote:
  >
  >> 1. Novell has stopped development on their Radius server and have no
  >> plans to resume development.
  >
  > Correct, so far as we know.
  >
  >> 2. Novell contributed code to the open source FreeRadius project.
  >> http://www.novell.com/news/press/arc...2/pr05008.html
  >
  > Yes. Code to allow easier integration with eDirectory.
  >
  >> 3. There isn't any Radius server with 802.1x authentication that runs on
  >> Netware (Netware kernel).
  >
  > Correct.
  >
  >> a. Novell's Radius server (BMAS or the newer NMAS server) doesn't do
  >> 802.1x authentication.
  >
  > Correct. It was developed quite a while before 802.1x even existed.
  >
  >> b. I have contacted Funk and this is their reply. Steel-Belted
  >> Radius Server will run on Windows and Solaris (Linux is coming).
  >> http://www.funk.com/News&Events/sbr_linux_pn.asp
  >
  > Correct, but Stell-Belted Radius is probably the last solution I would
  > look at. Radiator is a commercial product that runs on Linux or Windows
  > (it is Perl-based) and you will get far better support from them on
  > eDirectory issues and general Radius problems. freeRADIUS is what I would
  > run on Linux if you don't want to spend a dime on the software.
  >
  >> c. MTG House hasn't gotten back to me about a solution for Netware.
  >> (I am doubtful, I didn't find anything on their website.)
  >
  > Not familiar with them.
  >
  >> 4. You need to run a Radius server that does 802.1x authentication and
  >> will work/integrate with eDir.
  >> a. FreeRadius (Linux) will integrate with Edir.
  >> b. Funk's Steel-Belted Radius server (Windows, Solaris & Linux is
  >> in beta).
  >
  >> c. Aegis Server
  >
  > And Radiator (what I run) http://www.open.com.au This is the solution we
  > run.
  >
  >> 5. You need a 802.1x Client to authenticate to a Radius server for
  >> wireless authentication.
  >
  > Correct.
  >
  >> a. Microsoft has 802.1x support in their client. (read this from
  >> other posts in this forum)
  >
  > Correct. Technically, the "support" is in Windows, not the MS client.
  >
  >> b. Novell isn't planning on putting 802.1x support in the NW Client.
  >> (read this from other posts in this forum)
  >
  > Correct.
  >
  >> c. There are 2 Radius clients that integrate with the NW Client for
  >> Radius Edir authentication.
  >> 1. Funk's Odyssey Client 2. Aegis' Client ($32 - $39.99 per
  >> workstation depending on
  >
  > Correct.
  >
  >> 3. When FreeRadius is integrated with Edir is this separate
  >> client still needed?
  >
  > Yes. You ALWAYS need a 802.1x supplicant (client) on the workstation.
  > Windows has one built-in, which works FINE against eDirectory. HOWEVER,
  > because of the way it works you must log into eDirectory *after* fully
  > logging into windows. That is unacceptable to most organizations (you
  > would have to manually log in and map drives to NW, etc). This is why
  > there are third-party clients that integrate specifically with the NetWare
  > client.. they allow the 802.1x authentication to "insert" itself
  > in -between the Windows and eDirectory login, thus preserving all of the
  > normal features like dynamic local user, zen policies, etc.
  >
  >> I didn't see anything about a separate client being needed
  >> while reading the Integrating FreeRadius with Edir documentation.
  >
  > A client is always assumed.
  >
  >> Why didn't Novell contribute code to port FreeRadius to Netware?
  >
  > Because Novell's future direction is Linux, and there isn't much demand
  > for a NetWare Radius server.
  >
  >> At this point in time they are still giving us a choice between the
  >> Netware kernel and the Linux kernel. To me that says they are willing to
  >> make things work with both systems until they drop support for the
  >> Netware kernel. Ok, so give me support for 802.1x authentication in the
  >> Netware kernel. I don't have stray single purpose servers floating
  >> around my network and I don't want to have to begin that practice just to
  >> get Radius 802.1x authentication working.
  >
  > You can always make your wishes known at
  > http://support.novell.com/enhancement
  >
  >> I also won't put my district at a disadvantage by upgrading to the Linux
  >> kernel until I know Linux well enough to administer it properly. I am
  >> the IT department at this district so I don't have a great deal of extra
  >> time to run about learning the new things I would LOVE to learn. I'm
  >> sure I'm not the only person in this situation so Novell should take
  >> these things into concideration before they just drop support for a
  >> product they say they are still supporting. Obviously all of the real
  >> support is going toward the Linux side at Novell.
  >
  > I understand the frustration, but I doubt things will change. There is a
  > big difference between "supporting" existing products and adding major
  > enhancements to products to support new standards. I just don't think
  > Novell believes it is worth dedicating development resources to enhancing
  > Radius on NetWare, for those few that can't/won't run a Linux or Windows
  > box where the software already exists.
  >
  >
  > --
  > Jim
  > NSC SYsop

• Airport-Router authentication issue

  Hi - I have a really annoying authentication issue between my MBP (late '06) and my DIR-655 D-Link router (f/w 1.22 b05).
  I am getting "disconnection" issues on my MacBook Pro only. We are not seeing any issues on my fiance's Vaio laptop. So I'm thinking maybe the router isn't to blame...?
  I put "disonnection" in quotes because airport always shows that there is a connection to the router/network, but there clearly is not. Sometimes I have to disconnect/reconnect airport, but often the connection just comes back after 30 seconds or so. It usually looks like a DNS issue...holding at the "looking up" stage, but I really don't think it is. I've tried various domain name servers.
  I thought I had worked around this by allowing the router to accept G in addition to 802.11n connections, but the problem, while not as prevalent, seems to have increased lately even while using 802.11g.
  I see that the router's log is replete with messages like this:
  *Wireless system with MAC address 0017F2HR7BC6 disconnected for reason: Authentication Failed*
  That MAC address is indeed my MBP
  I'm also seeing a lot of messages along these lines:
  *Blocked incoming TCP connection request from 119.154.75.13:1420 to 173.78.73.92:445*
  But I assume these messages are unrelated.
  So I turned off WPA-Personal security and, of course, no further authentication errors. Those blocked TCP requests continue.
  Of course, I don't want to keep WPA turned off.
  Any ideas as to why authentication would be failing on and off with airport? I didn't even realize there was more than a single authentication (i.e. after you first connect), but I still have a LOT to learn about routers!
  Any ideas appreciated!

  FWIW
  119.154.75.13 = an address in Pakistan
  173.78.73.92 = an address in Tampa, Florida on the Verizon Network
  Have you been using BitTorrent or some other p2p software lately ?
  Re your router issue, have you considered using MAC Address Security (not WAP/WEP) ?

• Iphone/IOS 6 and Enterprise Wireless Networks Issue

  Hi there,
  Our company runs Cisco wireless using WPA2 Enterprise and AD Authentication. Now we currently have multiple vendor phones/laptops working fine including Apple Macbook Pro's, Apple Iphone 4s, Samsung Galaxy S2/S3 working on the wireless without issue.
  However Ive been seeing issues with Iphone 5s and an Ipad now as well running IOS 6 where it just wont connect to the network. I am using Iphone configuration utility to install a Wireless profile with the certificate/AD credentials onto the Apple device.
  I just loaded the profile on an Iphone 5 and it worked straight away.
  However on ipad and other iphone 5's this is what happened, it associated to the Wireless but never got an IP address so never finishes connecting. just sits on spinning wheel.
  Here is some output from the Iphone configuration utility console:
  Nov 13 14:45:47 Sam-iPad eapolclient[2548] <Notice>: eapmschapv2_success_request: successfully authenticated
  Nov 13 14:45:48 Sam-iPad kernel[0] <Debug>: 285568.132121 wlan.N[12106] AppleBCMWLANCore::setCIPHER_KEY():  [eapolclient]: type = CIPHER_MSK, index = 0, flags = 0x0, key lenght 64, key rsc lenght 0
  Nov 13 14:45:48 Sam-iPad kernel[0] <Debug>: 285568.185043 wlan.N[12107] AppleBCMWLANCore:startRoamScan(): 3365 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
  Nov 13 14:45:49 Sam-iPad kernel[0] <Debug>: IO80211AWDLMulticastPeer::queuePacket ff:ff:ff:ff:ff:ff alllocate queue for ac 0
  Nov 13 14:45:58 Sam-iPad kernel[0] <Debug>: 285578.034874 wlan.N[12108] AppleBCMWLANCore:startRoamScan(): 3365 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
  Nov 13 14:45:58 Sam-iPad kernel[0] <Debug>: 285578.060369 wlan.A[12109] AppleBCMWLANNetManager::handleDelayedPowerManagementTimeout():  Timed out waiting for IP address, entering powersave mode: 2
  Nov 13 14:45:58 Sam-iPad kernel[0] <Debug>: 285578.075638 wlan.A[12110] AppleBCMWLANNetManager::checkRealTimeTraffic():  now 285578.075633250 num entries 4
  Nov 13 14:46:06 Sam-iPad kernel[0] <Debug>: 285586.747324 wlan.N[12111] AppleBCMWLANCore:startRoamScan(): 3379 starting RoamScan; MultiAPEnv:0 isdualBand:1 isOn5G:0
  Is anyone else aware of this problem?

  iPhone 4s: iOS 6
  iPad 2 iOS 6
  iTunes 10.7.0.21
  Windows 7 Ultimate i5 / 8G RAM
  my iDevices will not sync anymore unless it is plugged in USB and turn it off and back on again while connected. is there going to be a fix for this? btw good job apple...-.-

• Is there a fix for the MBP wireless dropping issue?

  I began to experience the Macbook Pro dropping wireless connectivity on my very 1st Apple in 2008.  At the end of the day my machine was replaced with a new Macbook Pro mid 2010.  It appeared to be working just fine until about 2-3 months ago when I started dropping my wireless printer connection.  I searched the internet hoping for a driver update from HP or something from Apple and each time I found something, the problem still existed.  I even thought that by upgrading to Lion would resolve any issues that I have with my MBP wireless connectivity issue.  After upgrading to buying a new router, new printer and upgrading to Lion; the wireless dropping issue still remains unresolved!  I know there are several hundred in not thousands of people who are having the same problem so what are we supposed to do?
  When my 1st MBP was replaced in 2010 I had to stop working because I was diagnosed with "Failed Back Surgical Syndrome" and was in the process of applying for disability.  Something in the back of my mind said that I needed to purchase Apple Care for this new replacement however I had used all of my savings & retirement to sustain life for me and my family that there was nothing for Apple Care.  If it weren't for my church and family I am not sure what I would do during the 18 months of no income while waiting for a decision only to receive an appeal until I findly stood in front of an Administrative Law Judge who heard my case and granted me disability.  Besides there was no way I could ask anyone for money to purchase a warranty for a top of the line laptop while the country was falling off an economical cliff.
  I broke down and called Apple Support and was told that I qualified for technical assistance regarding the upgrade to Lion a few weeks ago.  The tech on the phone had me run some disk utility tests and had me repair permissions which she said could be the cause of the problem.  I willingly went along with her in hopes that this was indeed the fix.  However, within 10 minutes of hanging up the phone my MBP began to drop it's wireless connection to my new HP printer and also the Internet.  Hence my question above is what I am really looking to have answered!  What is the fix to this problem that so many people are having issues with?  I couldn't afford to purchase Apple Care back in 2010 and I can't afford to purchase a new 2011 machine today if that truly is the fix!
  I will be disabled for the remainder of my life and I have grown dependent upon my computer to stay in touch with friends and colleges from work.  I worked for the IT Group at Wynn Resorts and I can say that the type of service Appple is providing it's customers is not what I learned over the past 25 years with Mr. Wynn.  Why can't Apple get the simple concept that it's customers are it's life line and keeps them in business.  I need help and I don't know what to do nor where to turn.  It would be different if Apple acknowledged the issue and said they were working on it however they aren't.  I plead to Apple to help me fix my notebook so I can stay connected to the outside world vs. couped up inside my home.
  Best Regards,
  Scott Leavitt

  I am simply lookig for some help not an argument.  I am not an RF specialist however have setup a few wireless networks in my tenure at Wynn Resorts.  I fully agree that wireless networking is an art and a science however the powers that be in Network Land have toughted wireless networking is the easiest and quickest way to get two computers to talk with one another.  As I previously said I have already turned one (1) MBP in for this problem and Apple decided to replace it because they could not fix the problem with my particular MBP.  This MBP was running Leopard when the problems started
  I am having a hard time believeing that there are several other devicces in my home that depend on a wireless network to operate and my MBP is the only one having an issue.  I took this a step further and decided to see what would happen if I tried to connect wirelessly via Fusion.  In Windows 7 I am able to print and scan to my hearts content without any issues.  I am able to browse the internet as much as I want.  I close Fusion and try to connect to my printer via wireless and nothing.
  In order to get Apple to help do I need to get a Network Analyzer and capture packets when I have these problems?  Out of the 1000 + posts is there a consolidation of which answer is the best?  BTW I am accessing the internet via a wireless connection using Fusion and Windows 7.
  In response to Linc's comments, I will look at the router specifications however I did not qualify that these devices are not using the wireless connection at the same time.  Right now I would guess there are maybe two (2) or three (3) at the most that are actively transmitting / receiving information. --  Thanks

• Authentication issue getting "UMELoginException"

  Dear Guys,
  I am facing an authentication issue. The situation is like this,
  My NT password was about to expire (had 6 more days for expiry). I was able to login till yesterday and all of the sudden today, when I was trying to login, I was not able to (it gave me password change message). So I went back and changed my NT password and tried to login again into the portal, however I am still not able to. I am pasting the stack trace,
  #1.5#001143FDCEA7006700000008000018C40004196E4AD849E8#1153861399615#com.sap.security.core.imp#sap.com/irj#com.sap.security.core.imp.[cf=com.sap.security.core.sapmimp.logon.SAPMLogonLogic][md=doLogon][cl=20282]#Guest#192####fff21cf01c2011dba425001143fdcea7#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Java###doLogon failed
  [EXCEPTION]
  #1#com.sap.security.core.logon.imp.UMELoginException
       at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:318)
       at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:344)
       at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:312)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:368)
       at com.sap.portal.navigation.Gateway.service(Gateway.java:101)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Please help.
  Regards,
  Deepak

  Hi Deepak,
  it is most times that it needs to replicate through your system(s).
  Regards,
  Kai
  PS: Please reward points if that was helpful.

• Authentication Issue, When Profile ReCreate

  Hi,
  i face authentication issue in SQL Server 2012 Evalution after i login in new account.
  Take a look situation and what i did.
  1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
  2). Every Thing i Did i by using AD User name "SP_Farm"
  3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
  Note: during the whole process i only use SP_Farm (AD Admin User)
  Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
  after that i cant access Management Studio. :(
  Please Guide if is there any other way.
  Thanks you 
  Shariq Ayaz
  [email protected]
  www.shariqdon.com
  www.shariqdon.com/itworld
  www.shariqdon.com

  Hi,
  i face authentication issue in SQL Server 2012 Evalution after i login in new account.
  Take a look situation and what i did.
  1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
  2). Every Thing i Did i by using AD User name "SP_Farm"
  3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
  Note: during the whole process i only use SP_Farm (AD Admin User)
  Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
  Creating a user with the same name is
  not the same user :-)
  A user has a unique ID and you did not create the same ID, but a new user with same name.
  after that i cant access Management Studio. :(
  Please Guide if is there any other way.
  Thanks you 
  Shariq Ayaz
  [email protected]
  www.shariqdon.com
  www.shariqdon.com/itworld
  www.shariqdon.com
  You can try to use This solution:
  http://blogs.msdn.com/b/raulga/archive/2007/07/12/disaster-recovery-what-to-do-when-the-sa-account-password-is-lost-in-sql-server-2005.aspx
  * After the SQL Server Instance starts in single-user mode, the Windows Administrator account is able to connect to SQL Server using the sqlcmd utility using Windows authentication.
  [Personal Site] [Blog] [Facebook]

• Essbase 6.5 External Authentication Issue!! Urgent Please!!

  Hi all,
  I am great trouble over an external authentication issue in Essbase 6.5. I request you all to please give me your feedback on the same as soon as possible.
  I am in a situation where I need to get my Essbase 6.5 external Authentication converted from LDAP to Active Directory services.
  I suppose there has been necessary changes done to the .cfg file for the same. However, I think I am getting an error
  "User [vikc]'c external authentication protocol [MSEX]'s password check module is not loaded".
  Please let me know if you have come across such an issue earlier and can anybody to able to help me with the same.
  Its kinda Urgent. so any replies for the same will be appreciated.
  Thanks and Regards,
  Vikram

  Vikram,
  Yes you will have to reconfigure the CSS.xml and cfg file for external auth.
  Here is the Sample CSS
  <spi>
            <provider>
                 <msad name="full360">
                      <trusted>false</trusted>
                      <url>ldap://192.168.1.100:389/DC=full360,DC=com</url>
                      <userDN>CN=Ravinder Singh,DC=full360,DC=com</userDN>
                      <password>full@360</password>
                      <authType>simple</authType>
                      <identityAttribute>dn</identityAttribute>
                      <maxSize>1000</maxSize>
                      <user>
                           <loginAttribute>sAMAccountName</loginAttribute>
                           <nameAttribute>dn</nameAttribute>
                      </user>
                      <group>
                           <nameAttribute>cn</nameAttribute>
                           <objectclass>
                                <entry>group?member</entry>
                           </objectclass>
                      </group>
                 </msad>
  Download this toll "http://www.ldapbrowser.com/download.htm"
  LDAP browser to get the perfact DN information.
  Let me know the status
  Ravikant

• 802.1x wireless authentication with certificates

  Hi.
  I have configured and working 802.1x authentication with certificates for Wired connections. with no problem.
  when i try to authenticate the same machine with 802.1x and certificates , on Wirelss, the ACS rejects it  with:
  "12520  EAP-TLS failed SSL/TLS handshake because the client rejected the ACS local-certificate."
  the ACS is the same, the certificate the same, and the root ca is the same.
  what's hapenning????
  Antero Vasconcelos

  What supplicant are we using for wireless authentication? Do we have complete chain of certificates installed on the client machine? Can you check if we have root CA/intermediate correctly installed in client and ACS.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• 802.1x Wireless Authentication

  Hello
  I am using a MS Certificate Server and MS Radius server with 802.1x Wireless Authentication. When the macs Authenticate I get a warning so to speak and the Cert will not save or trust. I have enter it in as a 509 anchor and other and still the same thing. Is anyone out there doing this.
  The windows says
  801x Authentication
  The Server Certificate could not be validated becuase the root certificate is missing.
  Thanks

  No, CA wasn't changed with R2.
  Are you able to see the User's certificate in the Keychain app under the login keychain & My Certificates? Can you see the CA's certificate under the X509Anchors?
  In the login keychain, when looking at the Users certificate, does it show as valid?

• Authentication issues

  We've had authentication issues with Infinity since the install just over a week ago (BT Business package)
  The router will drop the connection and then we have a problem reconnecting (won't). Out of sheer frustration I've discovered a workaround that sometimes works that is to change the user name to the BT test account, connect, and then change the router user name setting back to our own. The BT test account always works, so despite a BT engineer being sent to trace the problem onsite yesterday the issue remains. We've also been sent a new router, and the BT engineer arrived with yet another new one yesterday
  The problem seems to be purely authentication. The Technical Helpdesk have changed our password (twice) but we still get the problem. Yesterday I was told that some other users in our area have also had an authentication issue and that over the weekend 'patches' were going to be applied at our local exchange.
  When the service works we get quite good speeds (37 down, 8 up) but we're frustrated with the lack of knowledge from the help-desk and have doubts that the 'patches' will resolve the issue
  Such is the problem that BT will downgrade us back to ADSL2 (which was rock solid in comparison) next week if we're still unhappy
  I did ask if our user name could be changed but told no. I'm curious to know as to what the switch to fibre could cause authentication problems?

  hi this is a BT Residential forum as a Business user you may get more help from the BT business forum
  http://business.forums.bt.com/t5/Broadband-and-internet/bd-p/Broadband
  If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’

• Wireless connecion issues using a macbook

  Hi,
  RE: Wireless connecion issues using a macbook
  After doing some google searches, I have come to understand that there is a bug with OSX power management when running on battery which impacts the wireless connection of the macbook, though Apple geniuses are unaware of any such issue. Please see: http://kristopherjohnson.blogspot.com/2006/08/macbook-wireless-connection-drops. html and type in "macbook wireless connection problems" in google for many other discussions on this issue.
  For all those who are having wireless connection issues with a macbook:
  Plug in the macbook to use mains power (not the battery) to verify that you are impacted by the same bug (I even find sometime unable to connect to the router when on battery so have resorted to starting the machine with mains power plugged in). If that is the problem then here is a work around (taken from above blog):
  Open the terminal window and type in the following command: ping -i 5 google.com
  (this will ping the google domain every 5 seconds and maintain the wireless activity thus a connection).
  I am surprised that Apple are not acknowledging this well known and widely reported bug and fixing the issue. In my case, I dont mind plugging the machine into mains most of the time and that has resolved the problem, otherwise I hope the above pinging works for you.
  I discovered the workaround after ditching my old DLink router (though it had done its time) and buying an Airport extreme (£120), a trip to the Apple store (40 miles drive), trying several different people's machine on my network (frustration) and finally google to rescue, more specifically Kristopher Johnson's blog.
  NOTE: My macbook worked fine in the Apple store while on battery power which was frustrating but apparently the problem only arises when connecting to consumer grade networks and not commercial ones, which I dont understand technically.
  HTH
  Regards
  Faisal

  you can use but you will not get full screen on HDMI output.
  Sometimes width or height of the screen was not completely used by ur mac other then that everything would be good.
  You need to buy HDMI Output cable for mac something like this
  http://store.apple.com/us/product/HA825ZM/A/belkin-mini-displayport-to-hdmi-cabl e-2-m65-ft?fnode=51