We have recently upgraded our ACS servers to version 4.1(4) Build 13. After upgrade we receive a lot of error messages in our "Failed Attempts" log of the type:
Authen session timed out: Challenge not provided by client
These started right after the upgrade. But we have had clients with connectivity problems for quite a while before the upgrade, but never any entries like these in our logs. So I'm beginning to suspect that the new ACS is logging more than the old version and that this error message might be the reason our clients have experienced drops in WLAN connection before.
The RADIUS session timeout is identical on both our WLCs and ACS (set to default of 3600). I'm considering disabling the session timeout on both ACS and WLC to see if this will have an affect.
Is there any other reason why these messages would appear?
When I examine the logs on the ACS server I can see that it sends the challenge but never receives an answer from the client. WLAN coverage should be good (radio survey performed and no coverage holes reported in WLC/WCS).