
[Cisco ACS 5.2] EAP-TLS reauthentication fails

Patrick Tran
Level 1

Hello,

I configured a WiFi connection on Windows XP and Windows 7 with EAP-TLS (using Cisco WLC 7.0.235.3 and Cisco ACS 5.2.0.26.10). It is configured with computer authentication, and computer certificates are autoenrolled from Microsoft PKI.

It works well!

Now I configured Windows 8 with the same configuration.

The first authentication works, but if I manually disconnect and reconnect, I get this error on ACS: 22047 Principal username attribute is missing in client certificate

In the EAP packets, we could see that Windows 8 sent a TLS session ticket, but the session was not resumed correctly by ACS...

In the ACS configuration, we checked the option "Enable EAP-TLS Session Resume" with session timeout "7200".

I found this bug

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn26538&from=summary

It seems to be my problem, but a reboot is not working in my case...

It is fixed in 5.3(0.40.2).

I planned to install the 5.4 version.

Do you know if this fix is supported by 5.4?

Thanks for your help,

Patrick

Accepted Solutions

Amjad Abdullah
VIP Alumni

Hi Patrick,

What is fixed in 5.3 must be fixed in 5.4.

Even if the same issue is appearing with 5.4, it will have a different bug ID and be identified as an independent problem (usually with a different root cause).

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Thanks for your reply.

Patrick

Hi,

Did the ACS update fix this issue? If so, which version did you update to? 5.3, 5.4?

I have the same problem. WIFI access with W7 and XP works fine. But with W8, after a disconnection, I am unable to reconnect to wifi. I have to restart the computer to be able to connect again to wifi.

The network team checked the Cisco ACS logs and told me that:

  • on first connection, the laptop presents itself with the LAPTOPNAME username.
  • on reconnection, the laptop presents itself with the host/LAPTOPNAME username.

And the same error number: ACS: 22047 Principal username attribute is missing in client certificate

Thanks in advance for your response.

Georges.

I installed the 5.4 version and it solved this problem.

Patrick

Thanks for your quick reply