DOT1X-3-USER_LOGIN_DENY: Authentication rejected for user host

Unanswered Question
Aug 24th, 2009

I've inherited a network with this ongoing issue. This is a mobility express setup, with wlc526's and 521 ap's. 2 controllers and 5 ap's. After a certain amount of people start logging on, roughly 125-140, we start getting these errors for users who try to authenticate thereafter. The users will stay in a "validating identity" state. Error message is as follows:

DOT1X-3-USER_LOGIN_DENY: Authentication rejected for user host - user may already be logged in

It seems as if there's a dissassociation issue where users who move, don't get properly dissassociated. What is odd is that it only happens during high usage..and if you reset the controller(s), it temporarily fixes it for a period of time. This issue was VERY prevalent when there was only 1 controller, it would happen every other day or so, with the rebooting fixing it momentarily. After an extra WLC was added, the issue went away for about 3 weeks. Just this morning however, I reared it's ugly head again. What is odd is the other WLC didn't experience the same problem. I've divided the the ap's between the 2 controllers and oddly enough, controller 2 isn't having the issue. These 2 controllers are physically separated. Prior to me doing this, users in both buildngs were experiencing this issue. As of today, I'm only seeing this issue in the original controller. I'm planning to replace it. Not sure if this would matter or not but, Celsius wise, it's constant at 46 degrees. The other is 10 degrees Celcius less. Not sure why that would even be an issue. If it was, it would happen anytime of the day. This ONLY happens when it's peak usage. Is there a caching issue somewhere that I'm missing that I can resolve? Is there too much competition for the AP's? I've looked at everything and none of them seem to completely explain my problem. Can someone please shed some light? I've checked on our Radius server, no idication of authentication/logging errors.

We're running code 4.2.61.8.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
owillins Fri, 08/28/2009 - 06:20

This error message says user authentication failed. The most likely cause is that the user name is already in use by another client. So please ensure that unique user names are used by each client.

grussell00 Wed, 07/21/2010 - 13:19

I am having the exact same issue and I hope to get answers soon. Users get stuck with "Validating Identity" when attempting to connect.  I posted my error as well below. I hope this is a known bug.

Jul 21 16:12:56.112 1x_auth_pae.c:2388 DOT1X-3-USER_LOGIN_DENY: Authentication rejected for user ******* - user may already be logged in
Jul 21 16:12:56.112 apf_ms.c:4754 APF-1-USER_ADD_FAILED: Unable to create username ********** for mobile00:13:ce:6d:97:94

Actions

This Discussion