I have been having a weird issue with my ACS server. Clients that are configured for our wireless cannot log in. We have internal laptops authenticate by machine name. This way anyone in our domain can log into the laptop. Once in a while the users receive a "domain cannot be found" message. We watch the authentication process with an analyzer and can tell authentication is not taking place. We reboot the ACS server and everything works. Has anyone seen this or know what is going on, or where to look?
The version is 4.0; it is a Windows 2003 server. The ACS service is running at the time. If we plug the laptop in with a cable and log in, the wireless connects. The client's wireless is managed by Windows and starts up during the startup process. (It happens on 30 laptops and clears when the server is rebooted.) I monitor the APs through our controllers (4400) and there is nothing indicating any issues at the time. After the reboot things work fine for a while, then I get a call stating they can't get on; reboot and it's fine. In the reports log under failed authentication I do notice this: "EAP-TLS or PEAP authentication failed during SSL handshake" for several of the users we were testing with at the time of the issue.
The error "EAP-TLS or PEAP authentication failed during SSL handshake" is mainly because of a certificate issue. Either the certificate on ACS got corrupted or expired, or the client is not able to validate the root certificate with ACS.
Make sure that certificate installed on ACS was generated with key length of 1024.
Please also install this patch and you will see the improvement.
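The checks the reply above names (corrupted or expired certificate, whether the root validates, key length), as an added example that is not part of the original thread. It assumes the ACS server certificate and the issuing root have been exported as PEM files and that OpenSSL is available on the workstation; the function name and file names are hypothetical.

```bash
# check_eap_cert CERT_PEM ROOT_PEM [WARN_DAYS]
# Usage (hypothetical file names): check_eap_cert acs-server.pem corp-root.pem 60
# Return code is a bitmask:
#   1 = expired, or expires within WARN_DAYS (default 30)
#   2 = does not chain to the supplied root certificate
#   4 = file cannot be parsed as a certificate (returned on its own)
check_eap_cert() {
    local cert=$1 root=$2 warn_days=${3:-30} rc=0 bits

    # A corrupted export fails here, before any other check makes sense.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL  $cert: not a parsable X.509 certificate"
        return 4
    fi

    # Validity window: -checkend exits non-zero if notAfter falls inside it.
    if openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null; then
        echo "OK    $(openssl x509 -in "$cert" -noout -enddate)"
    else
        echo "FAIL  expired or expiring within ${warn_days}d: $(openssl x509 -in "$cert" -noout -enddate)"
        rc=$((rc | 1))
    fi

    # Key length is reported, not judged, so it can be compared with
    # what the server and the supplicants are expected to use.
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    echo "INFO  public key length: ${bits:-unknown} bits"

    # Chain check against the root the clients are supposed to trust.
    if openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1; then
        echo "OK    chains to $root"
    else
        echo "FAIL  does not chain to $root"
        rc=$((rc | 2))
    fi
    return $rc
}
```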