Work with certificates
Hello!
Please tell me why the panel "work certificates" is not active?
Adobe Reader XI 11.0.06 - Russian
Hi Bram
Here is what i did.
in the situation, you have mydomain.local as your domain, but mydomain.com as your normal pubic domain.
I added workfolders.mydomain.com to my public DNS as an A record and point to the IP of that record to the gateway of my internet on my local server.
In my case, my local server would have been server.mydomain.local. I created a new zone in my AD DNS server called workfolders.mydomain.com. in there i create a blank A record with the ip of my local server.
in my router i portfoward port 443 to my ip of server.mydomain.local.
In IIS managament of the local server create a certificate request for workfolders.mydomain.com
obatian an SSL certificate for workfolders.mydomain.com from a place like godaddy.com and install in IIS and bind to port 443. You should only have the IIS core web services installed and NOT the full IIS.
when you setup workfolders on the clients, choose to enter an address and type https://workfolders.mydomain.com.
When you are local and you ping workfolders.mydomain.com it should point to the local server because of the A record you created local.
When you are out of the office, the public domain will then route to your server via your router and find the server.
This has worked for me and all syncs fine both local and over the internet
Similar Messages
-
Office 2010 created PDF only bringing up Work with Certificates option with Signing
When creating PDF documents with Microsoft Word 2010, the only Sign option showing is Work With Certificates and is greyed, I Need To Sign and Get Others to Sign is missing. My previous PC with Windows 7/Office 2010 and Reader Xi was able to sign documents. I'm also able on my old XP machine to create a dummy pdf in Word 2010 and sign it in Reader, and on my Windows8/Office 2013/Reader Xi PC. Any idea as to where this might have been broken?
With the PDF file created in 2013, I Ctrl+D'd to get the security settings as it's commonly suggested that electronic signatures is failing because of a setting there, however I'm still able to sign it with Signing: Not Allowed and get the full signing menu instead of the Work With Certificates.Hi,
If you meet any problems when using our products, you can post the question here. Please post one question in a single thread, and the question should be posted in the proper forum.
The current forum is for Office 2010 - Planning, Deployment, and Compatibility.
Just as Don mentioned, you may have multiple questions and some of them are not well placed, post them to the correct forum to get the specific support.
Regards,
Melon Chen
TechNet Community Support -
This has been an issue for a while now. Trying to use certreq -enroll -machine [Template Name] on Windows 7 machines fails with not implemented. When I run this command with the -q flag I see that the certificate I want is unavailable and displays:
A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted.
When I go into the properties of this certificate and goto the Certification Authority tab and check the "Show all enrollment servers" it shows my server greyed out with this message:
The system could not determine if you can access this certificate. Not implemented.
The template sits on a enterprise 2003 server CA and this process works with Windows 8.1 machines. Which means that the template has the correct permissions and is issued correctly.
Is this a known issue with Windows 7 or am I missing something in the config? Help is greatly appreciated.
Thanks,Hi
I have done some tests on a Windows 7 Enterprise machine and a Windows 8.1 Enterprise machine, it turns out that I have the same issue with you.
On the Windows 7 machines, I cannot use Certreq.exe to request machine certificates, but I can successfully request user certificates, and there is no issue with the Windows 8.1 machine.
Best Regards,
Amy
Interesting. From what I can tell, there are no patches that fix this issue either... -
Getting self-signed certificates working with mail
Hi all,
I am having trouble getting email certificates created with keychain access to work in mail.
According to the Leopard help file, you simply have to go to Keychain access and create the certificate, which I did. After that if you create a message in mail with that account, there should be an icon showing that the message will be signed or encrypted if you have the recipients certificate installed. I cannot seem to get this to work. I have created the certificates specifically for email, the certificate shows in Keychain as well as a public and private key entry, but mail refuses to see it.
Has anyone gotten this to work with Mail and self-signed certificates?
Any help would be most appreciated.
Thanks,
RacerXHave you tried setting the "Always trust" property? Double click the certificate in Keychain Access and allow it to have always trust for email.
Also, make sure that bundles are enabled for mail.
(Forget the command, google for "defaults write com.apple.mail enableBundles")
That did it for me.
Br,
T -
How do reward certificates work with price adjustments?
I purchased an item for $50 using $40 reward certificate with the rest on my credit card. That item is now on sale for $20 less and it has only been 6 days (I am in the return period). How will it work since the returned amount will be more than what was charged to my card, will I just get the reward points back?
Hello darkk88,
That is a great question! If you meet the terms of our Price Match Guarantee, then you will definitely have some points that are returned to your My Best Buy™ account. There is a possibility the portion that was charged to your credit card could be refunded; however, it is more likely that points will be returned since a majority of the purchase was paid for with certificates. Let me know if you have any other questions. : smileyhappy:
Best Buy Price Match Guarantee
I hope you have a fantastic day, and thank you for connecting with us on the forum!
Derek|Social Media Specialist | Best Buy® Corporate
Private Message -
I used Firefox 26 at Android 4.2.1 and try to sign docs in bank application but receive a message ”window.crypto Error:undefined, TypeError: window.crypto.signText is not a function”.
Hello Philipp, thank you for your answer.
I used this addon and i have certificate in the browser, i can choose it, but when try to sign docs with it, i receive this message ”window.crypto Error:undefined, TypeError: window.crypto.signText is not a function”.
My be 'window.crypto.signText' function is not supported in Firefox for Android, so question is there plans browser to work with this function or how it can be enabled. -
Active Sync certificates no longer work with iOs 4.3
Existing Active Sync certificates no longer work with iOs 4.3. Can I fix this?
My results differ from yours.
With iOS 4.0x, 4.1 and 4.2x my smart playlists with live updating were broken. It would start with track 1 of 5, then 2 of 4, then 3 of 3, 4 of 2, then would generally crash the iPod app. If I left the playlist and re-entered it would have removed the entries already played, but I would find that some of the entries that should have played had actually been skipped in m playlist.
With iOS 4.3, my playlists are properly working for me again. Now they play 1 of 5, 2 of 5, 3 of 5, ... If I return to the playlist while it is playing, I see that the entries that have already played are removed, and if I leave the playlist to return later, it starts over a 1 of 2, 2 of 2...
I have posted another thread of how I have my playlists defined, so perhaps that would help you. I do recall that there were some conditions that used to cause problems if used in a smart playlist. -
How to create a certificate signing request that works with Microsoft CA
Hi, I have created a certificate signing request file with keytool. When I try to create a certificate from it with CertReq (I use a Microsoft CA) I get the following error message:
Certificate not issued (Denied) Denied by Policy Module The request does not contain a certificate template extension or the CertificateTemplate request attribute. (The request contains no certificate template information. 0x80094801 (-214687 5391)) Certificate Request Processor: The request contains no certificate template information. 0x80094801 (-2146875391) Denied by Policy Module The request does not contain a certificate template extension or the CertificateTemplate request attribute.
How do I create a certificate signing request file so that a Microsoft CA will accept it and create a certificate from it. Thanks, Linh.I'm writing a applecation about x509 to deal with certificate and certificate request.
I found that DER format certificate request create by sun's software with no extensions.
I think this cause your error.My be MS CA can't identify such a request!So it's difficult to solve this problem unless MS or Sun change their codes.
JStranger -
I am unable to get Thunderbird to work with my exchange email account
I have tried a heap of different configurations including using ExQuilla with no success. I will provide the insrtuctions I received for accessing my account using outlook.
I hope you can help, as I find Thunderbird a great platform, and really don't want to go back to Outlook.
*Note – the instruction at step 5 is fairly important. It is easy to miss it and hit “check name”. Don’t – It’ll piss you off no end.
Let me know how you go.
Using Outlook via the Internet
If you are using Microsoft® Office Outlook® 2003, you can connect to the computer running Windows® Small Business Server through the Internet using the feature called RPC over HTTP. This means you can remotely access your server e-mail account from the Internet when you are working outside your organization's firewall. You do not need security-related hardware or software (such as smart cards or security tokens), and you do not have to establish a virtual private network (VPN) connection to the server.
Comparing RPC over HTTP and Outlook Web Access
When using RPC over HTTP to access your mailbox, you get the full functionality of Outlook 2003. For example, you can work offline, use Microsoft Office Word 2003 as your e-mail editor, and easily organize your mailbox.
To use Outlook via the Internet
Ensure that the following requirements have been met on the client computer:
Verify that the computer is running Microsoft Windows XP Service Pack 1 or later
• Click Start, right-click My Computer, and then click Properties.
The version of the operating system and service pack is displayed under System. If you do not see a service pack version, there is no service pack installed.
Verify that Windows update Q331320 is installed on the computer (not required if you are running Windows XP Service Pack 2 or later)
1. Click Start, click Control Panel, and then open Add or Remove Programs.
2. Under Currently installed programs, search for the item Windows XP Hotfix (SP2) Q331320.
3. If the item is not present, go to the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=18651) and follow the instructions to download and install it.
Verify that the computer is running Outlook 2003 or later
1. Open Outlook.
2. Click the Help menu, and then click About Microsoft Office Outlook. The version number appears at the top of the box.
Verify that the computer trusts the certificate used by the server
1. Open Internet Explorer, and then in the address bar type:
https://vpn.alaea.asn.au/remote
• If the certificate is trusted, a certificate warning does not appear. In this case, continue with step 1 under Ensure that you have an Outlook profile configured for the server.
• If the certificate is not trusted, a warning appears. Click View Certificate, click Install Certificate, and then follow the instructions.
Ensure that you have an Outlook profile configured for the server
1. Click Start, and then click Control Panel.
• If you are viewing Control Panel in the default Category view, switch to Classic view, and then double-click Mail.
• If you are viewing Control Panel in Classic view, double-click Mail.
2. In the Mail Setup dialog box, click Show Profiles. If your profile appears in the list, select your profile, click Properties, click E-mail Accounts, select View or change existing e-mail accounts, and then click Next. If your profile does not appear, open Outlook and follow the instructions to create a profile before proceeding.
• If Microsoft Exchange Server does not appear in the list, the existing profile is not associated with a Microsoft Exchange Server e-mail account. Click Cancel, and then click Close. Continue with step 3 to add a profile.
• If there is an existing Microsoft Exchange Server profile, continue with step 3 under Configure the computer for RPC over HTTP.
3. Click Add. The New Profile dialog box appears.
4. In the Profile Name box, type a name for the new profile, and then click OK. The E-mail Accounts dialog box appears.
5. Under E-mail, select Add a new e-mail account, and then click Next. The Server Type dialog box appears.
6. Click Microsoft Exchange Server, and then click Next.
7. Continue with step 4 under Configure the computer for RPC over HTTP.
Configure the computer for RPC over HTTP
1. Click Start, and then click Control Panel.
• If you are viewing Control Panel in the default Category view, switch to Classic view, and then double-click Mail.
• If you are viewing Control Panel in Classic view, double-click Mail.
2. In the Mail Setup dialog box, click E-mail accounts, click View or change existing e-mail accounts, and then click Next.
3. In the E-mail accounts dialog box, click Microsoft Exchange Server, and then click Change.
4. In the Microsoft Exchange Server box, type the local name of the Exchange server:
alaea-sbs1.alaea.alaea.asn.au
5. In the User Name box, type the user name that you use to log on to the Remote Web Workplace. Do not click Check Name.
6. In the Exchange Server settings page, click More Settings.
7. On the Connection tab, under Exchange over the Internet, select Connect to my Exchange mailbox using HTTP, and then click Exchange Proxy Settings. The Exchange Proxy Settings dialog box appears.
8. Under Use this URL to connect to my proxy server for Exchange, type the following URL:
vpn.alaea.asn.au
9. Select Connect using SSL only, and then select Mutually authenticate the session when connecting with SSL.
10. In the Principal name for proxy server box, type the following text:
msstd:vpn.alaea.asn.au
11. Select On slow networks, connect using HTTP first, then connect using TCP/IP.
12. Under Proxy authentication settings, select Basic Authentication.
13. Click OK, and then click OK again. Click Next, and then click Finish. Click Close.
14. In the Mail dialog box, if Always use this profile is selected, choose the newly configured profile.
15. Open Outlook and type your Windows Small Business Server user name (in the format ALAEA\user name) and password. You can now work with your Outlook mailbox.Sheesh. That looks hard. I think it will fall over at this point:
"Connect to my Exchange mailbox using HTTP" 'cos Thunderbird uses only the regular email protocols: POP, IMAP and SMTP.
Here (at work) we have in the past have had IMAP and SMTP enabled on our Exchange server so Thunderbird could then connect just like to any other regular internet-based service.
With the change here to outlook365/outlook 2010 I've had to switch to using DavMail which lets Thunderbird talk to the mail server using OWA.
I haven't (seriously) tried Exquilla. Whilst I have great respect for its author and some of his other add-ons, I saw no reason to use an add-on that required payment when DavMail works for free. -
Cannot get ITS SSO to work with EP6 Sp15
I am having problems with SSO from EP6 to ITS (my EP5 to the same ITS works great).
This is what I have done.....
It is a R3 4.6C system so I wondered if any patches were needed....however I have got SSO working with the SAP Win GUI - so this tells me that the R3 system and the imported verify.der certificate is OK.
The connection test for ITS works - so this tells me the parameters in the System are correct.
The parameter mysapcomusesso2cookie is set to 1 - and this is the same ITS system that is used for SSO between the EP5 portal and R3....and it works in this case.
I have set only the following parameters in the System:
ITS Description = Test1
ITS Host Name = myportal.com:91
ITS Path= /scripts/wgate
ITS Protoco = http
Logon Method = LOGONTICKETS
Anything else I may be missing?
Thanks
PatrickHi
What mean "FQDN"?
I must 'dots' in my address..?
Bogdan -
AIR-LAP1242G-E-K9 do not work with AIR-CT5508-K9 while AIR-LAP1142N-E-K9 do
Hello,
we do have a site where we need to deploy AIR-LAP1142N-E-K9 and AIR-LAP1242G-E-K9 APs. We have two AIR-CT5508-K9 controllers with SW version 6.0.188.0.
AIR-LAP1142N-E-K9s work okay, as expected, we do not have any problems with them.
However AIR-LAP1242G-E-K9s do not, there is a problem with establishing CAPWAP tunnel with the controller.The AP is seen on the controller for a while, with 0 time up-time, cannot change any settings on the AP via controller, and after a while it disapears from the controller, apears again and this repeats.
The APs and controllers are connected to the LAN campus.
Controllers via two 1G links configured as Etherchannel to WS-C6506-E VSS switch with s72033-ipservicesk9_wan-vz.122-33.SXI1.bin on it.
APs to WS-C3750G-48PS with c3750-ipbasek9-mz.122-50.SE2.bin on it. 3750 is connected to the C6505 via two 1G links configured as Etherchannel.
Below I copied the log I captured on 1242 and the controller. Highlighted ones are the ones which I think might bring a clue.
I performed some troubleshooting steps.
- As we have some other controllers available over WAN, I tested the 1242 AP with 2100, 4400 and also with the same model AIR-CT5508-K9 with SW version 6.0.188.0 over WAN and this worked always okay.
- I wanted to be sure that I eliminate any kind of out of sequence packet issue, so I brought down all redundancy L2 links so that the L2 path from the AP to the controller was only through one leg links.
- I also brought the second controller down to eliminate potential issue with having two of them up.
- The AP gets its IP from DHCP configured on the C6506 switch, I am always able to ssh to AP, so the IP connectivity does not seem to be an issue.
- I have more 1242s, all behave in the same way. I also connected them to some other 3750 switches we have in the campus, always the same.
- As this seems to be maybe a kind of ssl issue, I tried to play with controller settings, like enabling Accept... options under Security/AP Policy,but this did not help.
- I also tried to reboot the controller, no improvement.
- The APs came from the factory, so in the beginning everything was factory default in them. They were always able to download the image from the controller in the very initial phase. I still do have some of them untouched, so I can perform any troubleshooting steps with the fresh one.
I can reproduce this, can also send debugging logs if needed.
Any idea on what could be wrong is highly appreciated.
Thank you.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This Discussion has been converted into document:- https://supportforums.cisco.com/docs/DOC-23054
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
AIR-LAP1242G-E-K9 10.0.13.28 log
*Mar 1 00:00:05.922: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:07.536: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot1 1Radio 0
*Mar 1 00:00:07.672: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 304 messages)
*Mar 1 00:00:09.809: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:09.874: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(21a)JA2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 02-Nov-09 18:42 by prod_rel_team
*Mar 1 00:00:09.874: %SNMP-5-COLDSTART: SNMP agent on host wuen4028 is undergoing a cold start
*Mar 1 00:00:09.964: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:00:09.967: bsnInitRcbSlot: slot 1 has NO radio
*Mar 1 00:00:10.191: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:00:10.191: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:10.430: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:00:10.818: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar 1 00:00:11.212: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:00:18.315: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.0.13.28, mask 2 55.255.255.0, hostname wuen4028
*Mar 1 00:00:28.988: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:00:31.456: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:00:31.495: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:32.457: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:00:32.457: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
*Mar 1 00:00:38.810: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:00:47.811: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Mar 1 00:00:56.812: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER
*Mar 1 00:01:07.815: %CAPWAP-3-ERRORLOG: Selected MWAR 'wuen4001'(index 0).
*Mar 1 00:01:07.815: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Feb 11 07:52:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.13.5 peer_port: 5246
*Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Feb 11 07:52:25.441: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.13.5 peer_port: 5246
*Feb 11 07:52:25.443: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.13.5
*Feb 11 07:52:25.443: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 10.0.13.5
*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.0.13.5
*Feb 11 07:52:30.441: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.13.5
*Feb 11 07:52:30.442: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 10.0.13.5
*Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.0.13.5
*Feb 11 07:52:47.644: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Feb 11 07:53:23.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.0.13.5:5246
*Feb 11 07:53:24.000: %CAPWAP-3-ERRORLOG: Selected MWAR 'wuen4001'(index 0).
*Feb 11 07:53:24.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Feb 11 07:52:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.13.5 peer_port: 5246
*Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Feb 11 07:52:24.001: %DTLS-5-PEER_DISCONNECT: Peer 10.0.13.5 has closed connection.
*Feb 11 07:52:24.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.0.13.5:5246
*Feb 11 07:52:24.002: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Feb 11 07:52:24.123: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
wuen4028#
AIR-CT5508-K9 10.0.13.5 log
*Feb 11 09:00:54.824: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to c
omplete DTLS handshake with peer 10.0.13.28
*Feb 11 08:59:53.798: %DOT1X-3-MAX_EA
P_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for
client 00:1f:3b:93:dd:4f
*Feb 11 08:59:51.197: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
ity request retries (3) exceeded for client 00:c0:a8:e1:b1:71
--More-- or (q)uit
*Feb 11 08:59:21.212: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di
rector: Could not find valid channel lists for 802.11bg
*Feb 11 08:58:39.766: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to c
omplete DTLS handshake with peer 10.0.13.28
*Feb 11 08:57:06.131: %RRM-3-RRM_LOGM
SG: rrmChanUtils.c:292 RRM LOG: Airewave Director: Could not find valid channel
lists for 802.11bg
*Feb 11 08:56:24.504: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to c
omplete DTLS handshake with peer 10.0.13.28
*Feb 11 08:55:09.693: %DOT1X-3-MAX_EA
P_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for
client 00:1f:3b:93:dd:4f
*Feb 11 08:54:51.040: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di
rector: Could not find valid channel lists for 802.11bg
*Feb 11 08:53:56.493: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis
sions exceeded for client 00:1f:3b:93:dd:4f
*Feb 11 08:53:34.497: %DTL-3-OSARP_DEL_FAILED: dtl_arp.c:1380 Unable to delete a
n ARP entry for 10.0.13.28 from the operating system. ioctl operation failed
*Feb 11 08:52:35.936: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di
rector: Could not find valid channel lists for 802.11bg
*Feb 11 08:52:26.492: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis
sions exceeded for client 00:1f:3b:93:dd:4f
*Feb 11 08:50:07.680: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis
sions exceeded for client 00:1f:3b:93:e6:57
*Feb 11 08:48:37.458: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
ity request retries (3) exceeded for client 00:1f:3b:93:e6:57
*Feb 11 08:47:37.438: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis
sions exceeded for client 00:1f:3b:93:e6:57
*Feb 11 08:47:34.438: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
ity request retries (3) exceeded for client 00:16:44:1d:0f:53
*Feb 11 08:46:32.422: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-ke
y M3 retransmissions exceeded for client 00:16:44:1d:0f:53
*Feb 11 08:46:06.790: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
ity request retries (3) exceeded for client 00:1f:3b:95:61:bd
*Feb 11 08:46:06.789: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication abor
ted for client 00:1f:3b:95:61:bd
*Feb 11 08:46:06.210: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
ity request retries (3) exceeded for client 00:1f:3b:93:e6:57
*Feb 11 08:45:34.304: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
ity request retries (3) exceeded for client 00:1f:3b:95:61:bd
*Feb 11 08:45:34.303: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication abor
ted for client 00:1f:3b:95:61:bd
*Feb 11 08:45:01.298: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di
rector: Could not find valid channel lists for 802.11bg
*Feb 11 08:44:38.076: %SIM-3-PORT_UP: sim.c:9547 Physical port 2 is up!.
*Feb 11 08:44:38.037: %SIM-3-PORT_UP: sim.c:9547 Physical port 1 is up!.
--More-- or (q)uit
*Feb 11 08:44:38.009: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'cliWebInitParms.cfg'
*Feb 11 08:44:37.980: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'rrcEngineInitParms.cfg'
*Feb 11 08:44:37.980: %CNFGR-3-INV_COMP_ID: cnfgr.c:2105 Invalid Component Id :
Unrecognized (81) in cfgConfiguratorInit.
*Feb 11 08:44:37.928: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'rfidInitParms.cfg'
*Feb 11 08:44:37.915: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'dhcpParms.cfg'
*Feb 11 08:44:37.903: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'bcastInitParms.cfg'
*Feb 11 08:44:37.834: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'rrmInitParms.cfg'
*Feb 11 08:44:27.331: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'apfInitParms.cfg'
*Feb 11 08:44:27.226: %MM-3-MEMBER_ADD_FAILED: mm_dir.c:903 Could not add Mobili
ty Member. Reason: IP already assigned, Member-Count:1,MAC: 00:00:00:00:00:00, I
P: 0.0.0.0
*Feb 11 08:44:27.023: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'mmInitParms.cfg'
*Feb 11 08:44:27.013: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'aaaapiInitParms.cfg'
*Feb 11 08:44:27.011: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'pemInitParms.cfg'
*Feb 11 08:44:26.898: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'dot1xInitParms.cfg'
*Feb 11 08:44:26.868: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'capwapInitParms.cfg'
*Feb 11 08:44:26.718: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'spamInitParms.cfg'
*Feb 11 08:44:25.650: %SSHPM-3-FREAD_FAILED: sshpmlscscep.c:1395 Error reading f
ile /mnt/application/lscca_pem.crt
*Feb 11 08:44:06.435: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
figuration file 'sshpmInitParms.cfg'Thanks for such quick response and suggestions.
Yes, I seem not to to be 100% perfect as for the list of troubleshooting steps I took.
I had already tried the two commands you mentioned. I tried again, this time with some other 1242, but these do not help.
Yes, I was already thinking that this could be in theory a licensing issue. The controller is bougth with 25 licenses.
In the beginnign I had one 1142 on it and tried to enable 1242s which did not work. Now I have five 1142s on it, as this worked okay, I guess it could not be a licensing issue.
I think that I can see in the log files that the machines communicate to each other, L2 or L3 paths seem to be working okay. I forgot to mention that I am using option 43 on the DHCP server, so the AP clearly finds its way to the controller. What's more both APs and the controllers are in the same VLAN, so they are in the same broadcast domain.
Below is sho ver from the AP. The AP seems to have Certificate type - manufacture installed, so I guess there should not be a problem with the certificate, especially knowing that the AP works with other controllers over WAN.
My guess these messages seen on AP especially "Invalid event 38 & state 3 combination" might tell us what's wrong.
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
*Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Feb 11 07:52:24.001: %DTLS-5-PEER_DISCONNECT: Peer 10.0.13.5 has closed connection.
*Feb 11 07:52:24.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.0.13.5:5246
*Feb 11 07:52:24.002: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Feb 11 07:52:24.123: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(21a)JA2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 02-Nov-09 18:42 by prod_rel_team
ROM: Bootstrap program is C1240 boot loader
BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)
AP9caf.ca00.1c78 uptime is 17 minutes
System returned to ROM by power-on
System image file is "flash:/c1240-k9w8-mx.124-21a.JA2/c1240-k9w8-mx.124-21a.JA2"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1242G-E-K9 (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FCZ135082GH
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 6.0.188.0
1 FastEthernet interface
1 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 9C:AF:CA:00:1C:78
Part Number : 73-11479-01
PCA Assembly Number : 800-30493-01
PCA Revision Number : A0
PCB Serial Number : FOC13484GYY
Top Assembly Part Number : 800-29589-03
Top Assembly Serial Number : FCZ135082GH
Top Revision Number : A0
Product/Model Number : AIR-LAP1242G-E-K9
Configuration register is 0xF
AP9caf.ca00.1c78# -
Windows Radius / NPS not working with mac book pro 10.9.4 wired
Hi,
I'm trying to get my Radius windows server 2012 working with the correct setting for using 802.1x wired connection for the mac book pro. The only issue I'm having is there is not much setting in the mac book pro. I'm not sure what need to setup on the sever to make it connect correctly and assign it to the correct vlan when it's authenticated.
Here are some screen shoots for my mac book pro
So I've got it up to a point where I have this issue and here is my screen shots setting:
So the above are my windows 2012 screen shot settings.
On the mac book pro, I'm getting a prompted about adding certificate and I've added that into the laptop and then I need to put the username and password information. I put the following:
[email protected] and the password.
I'm current working with someone at HP on the switch settings, everything looks good.
I know the following:
1. Wireshark: shows server is getting request from the switch but it's not accepting them here are my logs on the NPS:
RAD01 6274 Information Microsoft Windows security auditing. Security 2014-08-21 12:40:24 PM
Here is the detail of the machine:
Network Policy Server discarded the request for a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: S-1-5-21-2690993882-1154983957-2264505580-1328
Account Name: [email protected]
Account Domain: LCS
Fully Qualified Account Name: LCS\username
Client Machine:
Security ID: S-1-0-0
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: b4-39-d6-ec-2c-00
Calling Station Identifier: ac-7f-3e-e6-32-34
NAS:
NAS IPv4 Address: xx.xx.xx.xx
NAS IPv6 Address: -
NAS Identifier: 5412zl-xxx-xxxxswithname
NAS Port-Type: Ethernet
NAS Port: 170
RADIUS Client:
Client Friendly Name: HP Procurve 5412zl switch
Client IP Address: xx.xx.xx.xx
Authentication Details:
Connection Request Policy Name: Secure Wired (Ethernet) Connections
Network Policy Name: Secure Wired (Ethernet) Connections
Authentication Provider: Windows
Authentication Server: rad01.xxx.xxx.ca
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Reason Code: 1
Reason: An internal error occurred. Check the system event log for additional information.
Again I don't know what's the correct setting the default 802.1x for mac book pro, but it should correct.
I'm also not sure what the internal error message is regarding about. The switch should automatically put me to vlan 7
Can you some please help out what the correct authentication method for mac 10.9.4.
ThanksFlash Player is a browser add-on, not a standalone application.
You can test if the player is correctly installed at http://www.adobe.com/software/flash/about/ -
Problem with certificate authentication at wlc 4402
Hi,
we have a problem to get a connection from the client to the WLC.
we are using Cisco Aironet 1130 AG and a Cisco 4402 WLC in our network. The certificate service is installed on a Windows 2008 R2 server. We use a standalone Root CA with a Enterprise Sub CA hierarchy. Issueing certificates to clients works fine. The vendor and ca certificates are installed on the WLC and the user have his user certificate. During implementation we used following document: "http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml#wlc". Instead of Anonymous Bind, we use a service user to read in AD (works fine, too).
We use the Intel/PRO wireless utility on our Testclient and configured it for EAP-FAST and TLS. We can select the installed certificate in the utility, but when we try to connect, the utility throw the message: "Authentication failed due to an invalid certificate".
We´ve logged the WLC and thats a part of the logfile (i´ve greyed out all enterprise data):
*EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
*LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (...)))
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
*LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="..." (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=... (size 76)
*LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
*LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: ...(0x78000041)
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
*EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
*EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1 Flags:S Length:0x0014
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422: Payload: 00040010436973636F00000000000000 ...
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST ID:0x 2 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
*EAP
Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event
'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
*EAP
Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
*EAP
Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : ...
*EAP Framework: Jan 18
12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : ...
*EAP Framework: Jan 18
12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th,
17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
*EAP
Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject :
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=...
*EAP
Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from
'2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
*EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
*EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
*EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0033
*EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422: Payload: 0100002F03014F16A8262631FC9DC042 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello Length:0x002F
*EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422: Payload: 03014F16A8262631FC9DC042253D3E24 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_RC4_128_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake Version:0301 Length:0x002A
*EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422: Payload: 0200002603015F3325EADF12E6296F91 ...
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello Length:0x0026
*EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422: Payload: 03015F3325EADF12E6296F91530FE67F ...
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate Length:0x0B50
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 000B4D00059F3082059B30820483A003 ...
*EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
*EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
*EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake Version:0301 Length:0x028D
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0C0002890100FFFFFFFFFFFFFFFFC90F ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange Length:0x0289
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake Version:0301 Length:0x000B
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 0D00000704030401020000
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request Length:0x0007
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 04030401020000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0004
*EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422: Payload: 0E000000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done Length:0x0000
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1 Flags:LM Length:0x03DE
*EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422: Payload: 160301002A0200002603015F3325EADF ...
*EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST ID:0x 3 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP
Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received
TLS record type: Handshake in state: Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert Version:0301 Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 0228
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1 Flags:L Length:0x0007
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 15030100020228
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST ID:0x 7 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
We think that the reason why it didn´t work, is the part:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
But we aren´t sure.
Maybe anyone can help us. Many thanks in advance.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.01.18 12:08:18 =~=~=~=~=~=~=~=~=~=~=~=
debug aaa all disable debug aaa all enable(Cisco Controller) >*Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc Audit Session ID added to the mscb: 0a63081e000000994f16a825
*Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: Creating audit session ID (dot1x_aaa_eapresp_supp) and Radius Request
*aaaQueueReader: Jan 18 12:08:21.917: AuthenticationRequest: 0x30b52e90
*aaaQueueReader: Jan 18 12:08:21.917: Callback.....................................0x10b7803c*aaaQueueReader: Jan 18 12:08:21.917: protocolType.................................0x00140001*aaaQueueReader: Jan 18 12:08:21.917: proxyState...................................18:3D:A2:0A:EC:BC-02:00*aaaQueueReader: Jan 18 12:08:21.917: Packet contains 16 AVPs (not shown)*aaaQueueReader: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc [Error] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*aaaQueueReader: Jan 18 12:08:21.918: 18:3d:a2:0a:ec:bc Returning AAA Error 'No Server' (-7) for mobile 18:3d:a2:0a:ec:bc
*aaaQueueReader: Jan 18 12:08:21.918: AuthorizationResponse: 0x3e04bd08
*aaaQueueReader: Jan 18 12:08:21.918: structureSize................................32*aaaQueueReader: Jan 18 12:08:21.918: resultCode...................................-7*aaaQueueReader: Jan 18 12:08:21.918: protocolUsed.................................0xffffffff*aaaQueueReader: Jan 18 12:08:21.918: proxyState...................................18:3D:A2:0A:EC:BC-02:00*aaaQueueReader: Jan 18 12:08:21.918: Packet contains 0 AVPs:*aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: Creating new context
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received context create from lower layer (0x0000013F)
*aaaQueueReader: Jan 18 12:08:21.918: id_manager.c-AUTH-SM: Got new ID 78000041 - id_get
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received credential profile name: "(null)" from LL
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Allocated new EAP context (handle = 0x78000041)
*aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: Created new context eap session handle 78000041
*aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 1) to EAP subsys
*EAP Framework: Jan 18 12:08:21.919: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:21.920: eap_core.c:1484: Code:RESPONSE ID:0x 1 Length:0x002b Type:IDENTITY
*EAP Framework: Jan 18 12:08:21.920: eap_core.c:1422: Payload: 416E6472652E54736368656E74736368 ...
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response type = Identity
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: Received peer identity: [email protected]
*EAP Framework: Jan 18 12:08:21.920: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_USERNAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.920: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.921: LOCAL_AUTH: (EAP) Sending user credential request username '[email protected]' to LDAP
*aaaQueueReader: Jan 18 12:08:21.921: AuthenticationRequest: 0x33a6ae18
*aaaQueueReader: Jan 18 12:08:21.921: Callback.....................................0x10765234*aaaQueueReader: Jan 18 12:08:21.921: protocolType.................................0x00100002*aaaQueueReader: Jan 18 12:08:21.921: proxyState...................................18:3D:A2:0A:EC:BC-00:00*aaaQueueReader: Jan 18 12:08:21.921: Packet contains 2 AVPs (not shown)*EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
*LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1*LDAP DB Task 1: Jan 18 12:08:21.922: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.925: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP server 1 changed state to CONNECTED
*LDAP DB Task 1: Jan 18 12:08:21.925: disabled LDAP_OPT_REFERRALS*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (base=DC=group,DC=jenoptik,DC=corp, pattern=(&(objectclass=Person)([email protected])))
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
*LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="DC=group,DC=jenoptik,DC=corp" type="Person" attr="userPrincipalName" user="[email protected]" (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (size 76)
*LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
*LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc
*LDAP DB Task 1: Jan 18 12:08:21.927: structureSize................................180*LDAP DB Task 1: Jan 18 12:08:21.927: resultCode...................................0*LDAP DB Task 1: Jan 18 12:08:21.927: protocolUsed.................................0x00000002*LDAP DB Task 1: Jan 18 12:08:21.927: proxyState...................................18:3D:A2:0A:EC:BC-00:00*LDAP DB Task 1: Jan 18 12:08:21.928: Packet contains 2 AVPs:*LDAP DB Task 1: Jan 18 12:08:21.928: AVP[01] Unknown Attribute 0......................CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (76 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928: AVP[02] User-Name................................Andre.Tschentscher@group.jenoptik.corp (38 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: [email protected] (0x78000041)
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
*EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
*EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1 Flags:S Length:0x0014
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422: Payload: 00040010436973636F00000000000000 ...
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST ID:0x 2 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:21.933: structureSize................................74*EAP Framework: Jan 18 12:08:21.933: resultCode...................................255*EAP Framework: Jan 18 12:08:21.933: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:21.933: proxyState...................................18:3D:A2:0A:EC:BC-02:00*EAP Framework: Jan 18 12:08:21.934: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile '[email protected]' (username '[email protected]')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : C=DE, ST=Thuringia, L=Jena, O=Jenoptik AG, OU=Jenoptik SSC GmbH, CN=Cisco WLC 1st, [email protected]
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th, 17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
*EAP Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=Jenoptik Certificate Authority
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from '2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
*EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
*EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
*EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0033
*EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422: Payload: 0100002F03014F16A8262631FC9DC042 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello Length:0x002F
*EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422: Payload: 03014F16A8262631FC9DC042253D3E24 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_RC4_128_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake Version:0301 Length:0x002A
*EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422: Payload: 0200002603015F3325EADF12E6296F91 ...
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello Length:0x0026
*EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422: Payload: 03015F3325EADF12E6296F91530FE67F ...
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate Length:0x0B50
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 000B4D00059F3082059B30820483A003 ...
*EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
*EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
*EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake Version:0301 Length:0x028D
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0C0002890100FFFFFFFFFFFFFFFFC90F ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange Length:0x0289
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake Version:0301 Length:0x000B
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 0D00000704030401020000
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request Length:0x0007
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 04030401020000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0004
*EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422: Payload: 0E000000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done Length:0x0000
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1 Flags:LM Length:0x03DE
*EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422: Payload: 160301002A0200002603015F3325EADF ...
*EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST ID:0x 3 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.687: structureSize................................1048*EAP Framework: Jan 18 12:08:22.687: resultCode...................................255*EAP Framework: Jan 18 12:08:22.687: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.688: proxyState...................................18:3D:A2:0A:EC:BC-02:01*EAP Framework: Jan 18 12:08:22.688: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.700: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 3) to EAP subsys
*EAP Framework: Jan 18 12:08:22.701: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.701: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.702: eap_core.c:1484: Code:RESPONSE ID:0x 3 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.702: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.702: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.704: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c:138: Version: 1 Flags:M Length:0x03E2
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422: Payload: 3A2F2F2F434E3D4A656E6F7074696B25 ...
*EAP Framework: Jan 18 12:08:22.705: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422: Payload: 413A2F2F2F434E3D4A656E6F7074696B ...
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.707: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.707: eap_core.c:1484: Code:REQUEST ID:0x 4 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.707: eap_core.c:1422: Payload: 413A2F2F2F434E3D4A656E6F7074696B ...
*EAP Framework: Jan 18 12:08:22.707: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.709: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.709: structureSize................................1048*EAP Framework: Jan 18 12:08:22.709: resultCode...................................255*EAP Framework: Jan 18 12:08:22.709: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.710: proxyState...................................18:3D:A2:0A:EC:BC-02:02*EAP Framework: Jan 18 12:08:22.710: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.710: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.711: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.724: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 4) to EAP subsys
*EAP Framework: Jan 18 12:08:22.724: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.725: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.725: eap_core.c:1484: Code:RESPONSE ID:0x 4 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.725: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.725: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c:138: Version: 1 Flags:M Length:0x03E2
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422: Payload: BD84CC4BF49A766267DA94429BEBE087 ...
*EAP Framework: Jan 18 12:08:22.728: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422: Payload: 41BD84CC4BF49A766267DA94429BEBE0 ...
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.730: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.730: eap_core.c:1484: Code:REQUEST ID:0x 5 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.730: eap_core.c:1422: Payload: 41BD84CC4BF49A766267DA94429BEBE0 ...
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.731: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.732: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.732: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.732: structureSize................................1048*EAP Framework: Jan 18 12:08:22.732: resultCode...................................255*EAP Framework: Jan 18 12:08:22.733: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.733: proxyState...................................18:3D:A2:0A:EC:BC-02:03*EAP Framework: Jan 18 12:08:22.733: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.746: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 5) to EAP subsys
*EAP Framework: Jan 18 12:08:22.747: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.747: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.748: eap_core.c:1484: Code:RESPONSE ID:0x 5 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.748: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.748: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.750: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c:138: Version: 1 Flags: Length:0x0291
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422: Payload: 34C4C6628B80DC1CD129024E088A67CC ...
*EAP Framework: Jan 18 12:08:22.751: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x0297 Type:FAST
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422: Payload: 0134C4C6628B80DC1CD129024E088A67 ...
*EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.752: eap_core.c:1484: Code:REQUEST ID:0x 6 Length:0x0297 Type:FAST
*EAP Framework: Jan 18 12:08:22.752: eap_core.c:1422: Payload: 0134C4C6628B80DC1CD129024E088A67 ...
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.754: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.754: structureSize................................711*EAP Framework: Jan 18 12:08:22.754: resultCode...................................255*EAP Framework: Jan 18 12:08:22.754: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.754: proxyState...................................18:3D:A2:0A:EC:BC-02:04*EAP Framework: Jan 18 12:08:22.754: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert Version:0301 Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 0228
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1 Flags:L Length:0x0007
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 15030100020228
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST ID:0x 7 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.834: structureSize................................65*EAP Framework: Jan 18 12:08:22.834: resultCode...................................255*EAP Framework: Jan 18 12:08:22.835: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.835: proxyState...................................18:3D:A2:0A:EC:BC-02:05*EAP Framework: Jan 18 12:08:22.835: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 11
*EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 7) to EAP subsys
*EAP Framework: Jan 18 12:08:22.838: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.839: eap_core.c:1484: Code:RESPONSE ID:0x 7 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.839: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.840: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.840: eap_core.c:1484: Code:RESPONSE ID:0x 7 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.840: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Received ACK from peer
*EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method state: Done
*EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Received get canned status from lower layer (0x78000041)
*EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Sending method directive 'Free Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.840: eap_fast.c-EVENT: Free context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.840: id_manager.c-AUTH-SM: Entry deleted fine id f700000e - id_delete
*EAP Framework: Jan 18 12:08:22.840: IOS_PKI_SHIM: Session 0x335ee108 deleted
*EAP Framework: Jan 18 12:08:2Now we found the reason.
The WLC doesn´t work with the Sub CA respectively with chain certificates for device authentication.
"Support for Chained Certificate
In controller versions earlier than 5.1.151.0, web authentication certificates can be only device certificates and should not contain the CA roots chained to the device certificate (no chained certificates).
With controller version 5.1.151.0 and later, the controller allows for the device certificate to be downloaded as a chained certificate for web authentication.
Certificate Levels
Level 0—Use of only a server certificate on WLC.
Level 1—Use of server certificate on WLC and a CA root certificate.
Level 2—Use of server certificate on WLC, one single CA intermediate certificate, and a CA root certificate.
Level 3—Use of server certificate on WLC, two CA intermediate certificates, and a CA root certificate.
WLC does not support chained certificates more than 10KB size on the WLC.
Note: Chained certificates are supported for web authentication only; they are not supported for the management certificate."
So the WLC can´t decode the peer certificate. -
Crystal Reports export and print fails with SSL / https but works with http
Windows 2008 Server, 32-bit (IIS7)
ASP.NET 2.0
Ajax 1.0
Crystal Reports version 10.5.3700.0
http: printing works, export works
https: printing not working, only export to MS Excel and MS Word work.
I am able to generate reports using both http and https, and the toolbar icons are all showing. However, I am unable to print or export properly with SSL.
Printing prompts me with a select printer window, and then a window 'Retrieving Page 1' follow by two messages from Crystal Print Control both stating:
A communication error occured. Printing will be stopped.
Exporting generates various errors depending on which export method is being selected (however Excel and Word work over https).
I've found the same problem on this site and other forums, but never a resolution to get exporting and printing to work with SSL. Will someone please provide me assistance or possibly relay what settings they're using if they have Crystal Reports export or printing working over SSL in IIS7? Everything works fine when I change the address from https to http.
Please let me know if I can help by providing further information. We've gone through a great deal of possible solutions with code and I'm currently looking in to IIS settings again.
Thank you.Thanks Ludek. I got it by searching KB number.
Unfortunately, it didn’t fix my problem even my IE (IE8 and IE 9) has correct setting. I double check my version. PrintControl.CAB is version 10.2.0.1146. we use VS 2005 Crystal report and VB .NET. It works fine on HTTP. But when we use HTTPS (SSL Certificate from go daddy).
1: Crystal report export
Export to MS Excel, Word: pop us “File download”, then click “Save”. It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
Export to RPt, Rich text format: It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
Export to PDF : nothing happened.
2: Print:
Pop up dialog to select printer, click “Print” “. Shows windows “Crystal Report Viewer” and pop us error message box. Title is “Crystal Print Control”. Message is “An communication error occurred. Printing will be stopped”. Click “OK” and pop up error message box again.
Please advise.
Thank you very much! -
Windows Server 2008 R2 with multiple Roles OS Rebuild, Need help with Certificates.
Hi,
I have rebuilt a Server for my client and I require help with certificates..
I am unsure exactly what to do to get this server working as it was.
Example, The Windows Server 2008 R2 has Microsoft Exchange, DNS, DHCP, ADDS, FileServices,Network Policy and access Services and Webservices roles installed on a single box.
Since the Server OS Rebuild I am getting 2 issues that pop up usually when Outlook in opened on a client Workstation,
I have not dont anything certificate wise to the server since OS Install, and the messages I get and best described here
I seen on a backdrive, a few certificate files I dont know if we can use these files for anything but we have the following files of drive E (Backup)
e:\server.xxxx.com.au\gd_iis_intermediates.p7b
e:\server.xxxx.com.au\server.xxxx.com.au.crt
e:\ssl\2013-2018.cer
1st Message is about a Proxy certificate I dont get this often but saw it today and my client clicked ok too quickly.
I have seen it and didnt see it again after trying to close outlook and reopen
I looked up google images and tried to find it...
It's like this, (There is a problem with the proxy server's security certificate.
The security certificate is not from a trusted certifying authority.)
2nd Message is about Security Alert, Autodiscover.xxxx.com.au Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.
-X- The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certificating authority
-TICK- The security certificate date is valid
-X- The name on the security certificate is invalid or does not match the name of the site
Do you want to preceed
[Yes][No][View Certificate ...]
3rd Message is very Close to the 2nd Message, is about Security Alert, xxxx-server.xxxx.local, Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.
-X- The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certificating authority
-TICK- The security certificate date is valid
-TICK- The name on the security certificate is invalid or does not match the name of the site
Do you want to preceded
[Yes][No][View Certificate ...]
If you can help guide me thou this as I'm very new to setting up certificates. I had a friend tell me about something in DNS.. but he has been super busy and I want to learn what to do.
Thank-You.Hiya,
quite a lot has the same confusions as you do, so I've written a simple explanation on the subjet of certificates
http://jesperarnecke.wordpress.com/2014/03/22/certificates-simple-explanation/
Let me know if that helps you and if you need further assistance.
Maybe you are looking for
-
Config Office Add-In - Connection to BI Office Server
Dears, I've installed the office-add in..so far so good. But now when I want to login to the addin in excel, I've to set up a connection to the office server. Can anyone help me with that...I'm always failing, even after following the installation gu
-
How to load stocks for the months prior to initialization ?
Hello, We load a cube stock from 3 ODS for BF,BX and UM extractors. We are in a monthly snapshot scenario(we have read the specific how to but we must use 3 ODS one for each datasource because of data integrity (strong customer architecture contrains
-
Clear Cache when I hit logout navigation bar item
I want to clear all of my cache from the browser once the user logout. Please advise me. Thanks
-
Hi All, I am new to XML concept. I have a requirement to create a xml schema which will be updated on a weekly basis and a table which associated to the created xml schema.. when ever the Schema is updated the table should not get affected.. Is there
-
Parallel Valuation Area Initialization Question
Our Treasury configuration was originally not set to post to our parallel valuation area. For the past few months we have been doing Journal Entries to true-up the parallel ledger to the operative ledger. I have completed the configuration to post