Meaning of EAP-TLS errors in ACS

john64135
Level 1

Hi Guys,

I'm trying to get a device authenticated to my wireless network using certificates. I get the generic error in ACS (4.2.0.124):

EAP-TLS or PEAP authentication failed during SSL handshake

Looking in the Auth log I get:

AUTH 12/09/2013 15:56:40 E 2255 3096 0x8b7ea5 EAP: EAP-TLS: ProcessResponse: SSL send alert fatal:handshake failure

AUTH 12/09/2013 15:56:40 E 2258 3096 0x8b7ea5 EAP: EAP-TLS: ProcessResponse: SSL ext error reason: c7 (Ext error code = 0)

AUTH 12/09/2013 15:56:40 E 2297 3096 0x8b7ea5 EAP: EAP-TLS: ProcessResponse(1519): mapped SSL error code (3) to -2120

AUTH 12/09/2013 15:56:42 E 3159 297052 0x0 AuthenReaper thread : Session Timed out since challenge not provided, freeing it

Can anyone help me with the reason codes or point me in the right direction?

Thanks,

John.

1 Reply

parsahoo
Cisco Employee

Hi John,

This is mostly due to an improper certificate installed on either the server or on the client machine.

Considering the issue is with only one client, I guess the server is clean.

Can you verify if the proper root certificate, intermediate certificate and the ID certificates are installed on the client?

You can also regenerate a new machine ID cert for the client and give it a try.

Thanks.
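
For triage across many clients, the log lines quoted in the question can be grouped per handshake so the alert, the ext error reason and the mapped code appear together. This is an added example, not part of the thread and not Cisco code; it assumes the `0x...` token identifies one session, and the field names `n1`/`n2` are placeholders for the two numeric columns the page does not label.

```python
import re
from collections import defaultdict

# Log lines copied from the question above.
SAMPLE = """\
AUTH 12/09/2013 15:56:40 E 2255 3096 0x8b7ea5 EAP: EAP-TLS: ProcessResponse: SSL send alert fatal:handshake failure
AUTH 12/09/2013 15:56:40 E 2258 3096 0x8b7ea5 EAP: EAP-TLS: ProcessResponse: SSL ext error reason: c7 (Ext error code = 0)
AUTH 12/09/2013 15:56:40 E 2297 3096 0x8b7ea5 EAP: EAP-TLS: ProcessResponse(1519): mapped SSL error code (3) to -2120
AUTH 12/09/2013 15:56:42 E 3159 297052 0x0 AuthenReaper thread : Session Timed out since challenge not provided, freeing it
"""

# Column layout inferred from the sample lines (assumption, not a documented format).
LINE = re.compile(
    r"^AUTH (?P<date>\S+) (?P<time>\S+) (?P<sev>\w) (?P<n1>\d+) (?P<n2>\d+) "
    r"(?P<handle>0x[0-9a-fA-F]+) (?P<msg>.*)$"
)

# One pattern per detail the EAP-TLS lines carry; codes are extracted, not interpreted.
DETAILS = {
    "alert": re.compile(r"SSL send alert (\w+):(.+)$"),
    "ext_reason": re.compile(r"SSL ext error reason: ([0-9a-fA-F]+) \(Ext error code = (\d+)\)"),
    "mapped": re.compile(r"mapped SSL error code \((\d+)\) to (-?\d+)"),
}

def summarize(text):
    """Group SSL handshake error details by handle; return {handle: summary}."""
    sessions = defaultdict(lambda: {"first_seen": None, "unparsed": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-AUTH line
        s = sessions[m["handle"]]
        s["first_seen"] = s["first_seen"] or f'{m["date"]} {m["time"]}'
        for name, rx in DETAILS.items():
            d = rx.search(m["msg"])
            if d:
                s[name] = d.groups()
                break
        else:
            s["unparsed"].append(m["msg"])  # keep lines we do not recognise
    return dict(sessions)

if __name__ == "__main__":
    for handle, info in summarize(SAMPLE).items():
        print(handle, info)
```

Counting how often each `ext_reason` value recurs per client shows whether a failure is isolated to one device's certificates, as the reply suggests, or shared across clients.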