Solved

Android Enterprise WiFi Issue

Posted on 2013-11-21
7
716 Views
Last Modified: 2013-11-27
Hello everyone,

I have a Nexus 7 tablet that I have been trying to connect to our enterprise wireless system with no luck. We use certificate authentication for all of our devices.  I am able to load the certificates onto the device and install them. When setting up the connection, we use TLS and no Phase 2 authentication. I select the correct certificates for the connection, but there is always an authentication issue. I have tried different file extensions on the certificates including .cer, .pem, and .pfx with no luck from any of them. Does anyone have suggestions on where to go from here???

Thanks
0
Comment
Question by:mcsween
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39668541
The logs from the RADIUS server would be handy, if you could post them?
0
 
LVL 22

Author Comment

by:mcsween
ID: 39668899
Attached is a chunk of the log; the user in question is WiFiAuth@mydomain.local (This is who the certificate deployed to the Android belongs to).
IN1311.log
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 500 total points
ID: 39669086
Can you locate one specific log for the user in the Custom Logs view and paste a screenshot of the event?
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 22

Accepted Solution

by:
mcsween earned 0 total points
ID: 39669470
I figured out my issue.  While trying to gather the screenshot for you I noticed it wasn't even hitting the RADIUS server so I went back to the Cisco WLC logs and found the message
*dot1xMsgTask: Nov 22 16:42:04.000: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2992 Max EAP identity request retries (3) exceeded for client [MAC ADDRESS HERE]
I ended up adding the username to the identity field on the Android and it connected like a champ.  I didn't think I would have needed that as there is no phase two authentication and the certificate should present my identity.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39669496
Glad you got it working.

Just make sure that your client is actually using EAP-TLS to authenticate, and not using PEAP-MSChapV2.  If PEAP is being used it's likely that your user certificate isn't being requested.
0
 
LVL 22

Author Comment

by:mcsween
ID: 39669504
Thanks; the way I have my NPS Network Policies setup that couldn't happen as only the IT staff is allowed to authenticate with PEAP, everyone else must present a certificate or they will be rejected.
0
 
LVL 22

Author Closing Comment

by:mcsween
ID: 39680236
I solved my own problem but craigbeck's comments got me moving in the right direction so I'm awarding the points to them.
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hopefully this article will help someone who's had the same issues I had. I have a Dell Wireless 1390 WLAN Mini-Card and Windows 7, and for the past couple of days I was beyond frustrated because my wireless laptop was not able to access the Inte…
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
This Micro Tutorial will demonstrate Moz's free MozBar that for some reason our Facebook mark did not get ported over, so this tutorial will show you how it saved us.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question