cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

740
Views
0
Helpful
1
Replies
Highlighted
Beginner

Authentication Failure in Cisco Secure ACS v4.1

Hi, I added a user in the Cisco Secure ACS and I am getting the following Authen-Failure-Code in Failed Attempts:

EAP-TLS or PEAP authentication failed during SSL handshake.

When I run Support in System Configuration > Support, I get the following in the auth.log:

AUTH 05/15/2008 16:55:40 I 0928 3320 AuthenProcessResponse: process response for 'FE:A3:C4:00:32:40'

AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse: SSL handshake failed, status = 3 (SSL send alert fatal:decode error)

AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse: SSL ext error reason: 87 (Ext error code = 0)

AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse(1519): mapped SSL error code (3) to -2120

Does anybody know, what the issue could be. I was able to find info about 2120, but don't know what exactly this means, other than that the authentication failed:

UDB_EAP_TLS_HANDSHAKE_FAILED

Thank you,

Jutta

1 REPLY 1
Highlighted

Re: Authentication Failure in Cisco Secure ACS v4.1

Jutta,

SSL alert fatal:decode error: That means basically, the client has a problem with decoding the root certificate.

Please make sure that client has CA installed. If you are doing peap and uncheck validate server certificate on wireless setting on the client.

Regards,

~JG

Do rate helpful posts