Solved

Android Enterprise WiFi Issue

Posted on 2013-11-21
7
692 Views
Last Modified: 2013-11-27
Hello everyone,

I have a Nexus 7 tablet that I have been trying to connect to our enterprise wireless system with no luck. We use certificate authentication for all of our devices.  I am able to load the certificates onto the device and install them. When setting up the connection, we use TLS and no Phase 2 authentication. I select the correct certificates for the connection, but there is always an authentication issue. I have tried different file extensions on the certificates including .cer, .pem, and .pfx with no luck from any of them. Does anyone have suggestions on where to go from here???

Thanks
0
Comment
Question by:mcsween
  • 4
  • 3
7 Comments
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
The logs from the RADIUS server would be handy, if you could post them?
0
 
LVL 21

Author Comment

by:mcsween
Comment Utility
Attached is a chunk of the log; the user in question is WiFiAuth@mydomain.local (This is who the certificate deployed to the Android belongs to).
IN1311.log
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 500 total points
Comment Utility
Can you locate one specific log for the user in the Custom Logs view and paste a screenshot of the event?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 21

Accepted Solution

by:
mcsween earned 0 total points
Comment Utility
I figured out my issue.  While trying to gather the screenshot for you I noticed it wasn't even hitting the RADIUS server so I went back to the Cisco WLC logs and found the message
*dot1xMsgTask: Nov 22 16:42:04.000: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2992 Max EAP identity request retries (3) exceeded for client [MAC ADDRESS HERE]
I ended up adding the username to the identity field on the Android and it connected like a champ.  I didn't think I would have needed that as there is no phase two authentication and the certificate should present my identity.
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Glad you got it working.

Just make sure that your client is actually using EAP-TLS to authenticate, and not using PEAP-MSChapV2.  If PEAP is being used it's likely that your user certificate isn't being requested.
0
 
LVL 21

Author Comment

by:mcsween
Comment Utility
Thanks; the way I have my NPS Network Policies setup that couldn't happen as only the IT staff is allowed to authenticate with PEAP, everyone else must present a certificate or they will be rejected.
0
 
LVL 21

Author Closing Comment

by:mcsween
Comment Utility
I solved my own problem but craigbeck's comments got me moving in the right direction so I'm awarding the points to them.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

If you are having problems installing printer drivers, or if documents repeatedly get stuck in the print queue even after re-installing the printer drivers, then follow these steps to solve the problems. Please note that the steps are shown both for…
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will demonstrate Moz's free MozBar that for some reason our Facebook mark did not get ported over, so this tutorial will show you how it saved us.
This Micro Tutorial demonstrates how to disable your ad blocker for some sites. In case Marketers would like to see ads on a site, this allows them to possibly view their competitors without have ads run on every site they visit.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now