  • Status: Solved
  • Priority: Medium
  • Security: Public

Android Enterprise WiFi Issue

Hello everyone,

I have a Nexus 7 tablet that I have been trying to connect to our enterprise wireless system with no luck. We use certificate authentication for all of our devices. I am able to load the certificates onto the device and install them. When setting up the connection, we use TLS and no Phase 2 authentication. I select the correct certificates for the connection, but there is always an authentication issue. I have tried different file extensions on the certificates including .cer, .pem, and .pfx with no luck from any of them. Does anyone have suggestions on where to go from here?

Thanks
Asked: mcsween
Craig Beck Commented:
The logs from the RADIUS server would be handy, if you could post them?

mcsween (Sr. Network Administrator, Author) Commented:
Attached is a chunk of the log; the user in question is WiFiAuth@mydomain.local (This is who the certificate deployed to the Android belongs to).
IN1311.log

Craig Beck Commented:
Can you locate one specific log for the user in the Custom Logs view and paste a screenshot of the event?
 
mcsween (Sr. Network Administrator, Author) Commented:
I figured out my issue. While trying to gather the screenshot for you, I noticed it wasn't even hitting the RADIUS server, so I went back to the Cisco WLC logs and found the message:
*dot1xMsgTask: Nov 22 16:42:04.000: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2992 Max EAP identity request retries (3) exceeded for client [MAC ADDRESS HERE]
I ended up adding the username to the identity field on the Android and it connected like a champ. I didn't think I would have needed that, as there is no phase two authentication and the certificate should present my identity.
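
A triage sketch for the diagnosis in the post above, added here as an example and not part of the original thread: it counts %DOT1X-3-MAX_EAP_RETRIES events per client in WLC log lines and lists the clients that never appear on the RADIUS side. The colon-separated MAC layout, the sample lines and the radius_macs input are assumptions.

```python
import re
from collections import Counter

# Pattern built from the WLC message quoted in the post. The colon-separated
# MAC layout is an assumption: the post redacts the address.
MAX_RETRIES_RE = re.compile(
    r"%DOT1X-3-MAX_EAP_RETRIES: \S+ Max EAP identity request retries "
    r"\((?P<limit>\d+)\) exceeded for client (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)

def norm_mac(mac):
    """Lower-case a MAC and drop separators so WLC and RADIUS values compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def identity_timeouts(wlc_lines):
    """Count MAX_EAP_RETRIES events per client MAC; other lines are ignored."""
    hits = Counter()
    for line in wlc_lines:
        m = MAX_RETRIES_RE.search(line)
        if m:
            hits[norm_mac(m.group("mac"))] += 1
    return hits

def stalled_before_radius(wlc_lines, radius_macs):
    """Clients that exhausted identity retries and never reached RADIUS.

    radius_macs is a hypothetical input: client MACs the caller has already
    pulled out of the RADIUS server's log (that parsing is not shown here).
    """
    seen = {norm_mac(m) for m in radius_macs}
    return sorted(mac for mac in identity_timeouts(wlc_lines) if mac not in seen)

# Constructed sample lines in the format of the message above; MACs are made up.
SAMPLE_WLC = [
    "*dot1xMsgTask: Nov 22 16:42:04.000: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2992 "
    "Max EAP identity request retries (3) exceeded for client 02:00:00:aa:bb:01",
    "*dot1xMsgTask: Nov 22 16:42:34.000: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2992 "
    "Max EAP identity request retries (3) exceeded for client 02:00:00:aa:bb:01",
    "*dot1xMsgTask: Nov 22 16:43:10.000: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2992 "
    "Max EAP identity request retries (3) exceeded for client 02:00:00:AA:BB:02",
    "*someOtherTask: Nov 22 16:43:11.000: constructed unrelated line, must be ignored",
]
SAMPLE_RADIUS_MACS = ["02-00-00-AA-BB-02"]  # constructed: this client did reach RADIUS

if __name__ == "__main__":
    for mac in stalled_before_radius(SAMPLE_WLC, SAMPLE_RADIUS_MACS):
        print(mac, "never answered the EAP identity request; check its identity field")
```

A client listed here failed before any certificate was examined, so the place to look is the supplicant's identity setting rather than the RADIUS policy or the certificate chain.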
 
Craig Beck Commented:
Glad you got it working.

Just make sure that your client is actually using EAP-TLS to authenticate, and not using PEAP-MSCHAPv2. If PEAP is being used it's likely that your user certificate isn't being requested.

mcsween (Sr. Network Administrator, Author) Commented:
Thanks; the way I have my NPS Network Policies set up, that couldn't happen, as only the IT staff is allowed to authenticate with PEAP; everyone else must present a certificate or they will be rejected.

mcsween (Sr. Network Administrator, Author) Commented:
I solved my own problem but craigbeck's comments got me moving in the right direction so I'm awarding the points to them.