We used RADIATOR with Cisco WLC and Cisco AP in our WiFi architecture.
We just replaced RADIATOR with Cisco ACS 5.2.
A few computers with Windows XP SP3 have this error: 11514 Unexpectedly received empty TLS message; treating as a rejection by the client
While trying to negotiate a TLS handshake with the client, ACS expected to receive a non-empty TLS message or TLS alert message, but instead received an empty TLS message. This could be due to an inconformity in the implementation of the protocol between ACS and the supplicant. For example, it is a known issue that the XP supplicant sends an empty TLS message instead of a non-empty TLS alert message. It might also involve the supplicant not trusting the ACS server certificate for some reason. ACS treated the unexpected message as a sign that the client rejected the tunnel establishment.
Resolution Steps:
Ensure that the client's supplicant does not have any known compatibility issues and that it is properly configured. Also ensure that the ACS server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ACS server certificate. It is strongly recommended to not disable the server certificate validation on the client!
Most of the computers (hundreds of Windows XP and Windows 7) have no problem.
ACS says "it is a known issue that the XP supplicant sends an empty TLS message instead of a non-empty TLS alert message".
If it were a known issue, we would have this error on other computers, but we don't (fortunately).
The wireless profile is sent to computers using GPO, so they trust the ACS server certificate...
Do you know how to correct this issue on the XP supplicant? I can't find this issue on Google.
One way to troubleshoot is to physically have one of the laptops and see if unchecking the box that validates the server certificate fixes the issue. I have seen the same issue as you are seeing before and I would like for you to verify that.
If that doesn't fix the issue then we will have to proceed to taking a Wireshark capture of the client and running a few debugs on the ACS.
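The resolution text quoted in the question asks that the client trust the CA that signed the ACS server certificate, and that can be checked offline with `openssl verify` without turning validation off on a client. The script below is an added example, not from the thread or from Cisco: it builds throwaway test certificates (the names `deployed-ca`, `other-ca` and `acs.example.test` are placeholders) and shows the result for a matching and a non-matching CA.

```shell
#!/bin/sh
# Added example. All certificates below are throwaway test data generated
# on the fly; deployed-ca, other-ca and acs.example.test are placeholders.

# check_chain CA_PEM SERVER_PEM -> prints trusted | expired | untrusted
check_chain() {
    if ! openssl x509 -checkend 0 -noout -in "$2" >/dev/null 2>&1; then
        echo expired          # server cert is past notAfter (or unreadable)
    elif openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted          # server cert chains to the given CA
    else
        echo untrusted        # signed by some other CA, or chain is broken
    fi
}

# make_ca DIR NAME: create a self-signed test CA (NAME.key / NAME.pem)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server DIR CA_NAME: create server.pem signed by CA_NAME
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=acs.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -days 30 -CAcreateserial \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -out "$1/server.pem" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_ca "$dir" deployed-ca      # stands in for the CA pushed by GPO
    make_ca "$dir" other-ca         # a CA that did not sign the server cert
    make_server "$dir" deployed-ca  # stands in for the ACS server certificate
    for ca in deployed-ca other-ca; do
        echo "$ca: $(check_chain "$dir/$ca.pem" "$dir/server.pem")"
    done
    rm -rf "$dir"
}

demo
```

With real files, call `check_chain` with the CA certificate the GPO deploys and the server certificate exported from ACS, both in PEM format.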