Some wireless users on Windows 7 intermittently cannot connect to wireless. WLC error #DOT1X-3-INVALID_WPA_KEY_MSG_STATE:

Hello EE,

I see several errors in my WLC #DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:848 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client <MAC>

It appears some users can't get on wireless, but reloading drivers often resolves or reinstalling VPN.  Cisco reviewed and gave me this, but wondering if any others are having it or know of why it happens when other SSIDs do work would think it's WLC configuration but client seems to be the issue

Error Message    %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: Received invalid [chars] msg in[chars] state - [chars]; len [int], key type [int], client[hex]:[hex]:[hex]:[hex]:[hex]:[hex]
Explanation    Client authentication failed because of an authentication protocol error between the client and access point.
Recommended Action    If the problem persists, try upgrading the client driver software or using different client software to isolate the cause. Also investigate possible intruder activity.
Reference Link:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Satyendra SharmaMicrosoft UC Technical ArchitectCommented:
Is the wifi chipset Intel AC 7260?

I had something similar going on and finally after working with Intel they released a new driver version ( which improved the situation, i don't think the driver version i got is yet available publicly but definitely updating client driver to the latest you can get to first.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Satyendra SharmaMicrosoft UC Technical ArchitectCommented:
Craig BeckCommented:
Which version of code are you running on the WLC (and which WLC model do you have)?
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

operationsITAuthor Commented:
We have the 5508 controller and confirmed we were on the latest recommendation by cisco last week
Craig BeckCommented:
Ok, which version did they recommend?
operationsITAuthor Commented:
Craig BeckCommented:
That's the latest 'stable' release but that doesn't mean it's bug-free.

Have you tried with a different version?
operationsITAuthor Commented:
Not yet as we were told to upgrade because of the issue and it didn't fix it so before I do it again with same results wanted to ping others to see of they had similar issues and what they experienced or did to resolve
Craig BeckCommented:
So you had the issue with a previous version, then you upgraded?

What version were you running before the upgrade?
operationsITAuthor Commented:
Yes with both versions

I believe it was 7.3.112 or 113
Craig BeckCommented:
Normally I would say ok fair enough, but 7.3 is probably the worst version ever! 8.0 isnt without its issues either.

If it were me I'd be putting or on the WLC to test, then if it's still the same try getting some help from the client's NIC vendor.
operationsITAuthor Commented:
Have you experienced this as I"m curious as Satyendra Sharma indicated and I've been hearing from others as well regarding driver related.
Satyendra SharmaMicrosoft UC Technical ArchitectCommented:
Have you tried updating driver yet?
Craig BeckCommented:
I have seen issues with 7.3.  Cisco pulled it pretty quickly actually.  You can't download it any more.

I've seen a few support issues with 8.x code which relate to similar issues.

If there is a readily available driver that you can try which is different to what you have on the clients now you should try that.  Otherwise you'll have to approach the vendor to see if they can provide a custom driver for you to try.
operationsITAuthor Commented:
Updating the driver did it but I'm wondering if anyone knows why when I can connect to other SSID fine is this the resolve?
operationsITAuthor Commented:
Only resolve so far is driver update
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Hardware

From novice to tech pro — start learning today.