TLS Handshake fails on Mac OS X

ThoDoepke
Level 1

Hello,

We have a problem with the authentication of Mac OS X 10.8 devices on our wireless network. We are using ISE version 1.2 with patch 2 and a 2504 with version 7.4.115 as WLC. The device should be authenticated with a client certificate over EAP-TLS.

In general this setup works fine. But we have problems with two Macs which don’t finish the TLS handshake for authentication. ISE shows “5440 Endpoint abandoned EAP session and started new” as the error message. The client log shows a missing or not completely received server certificate.
We also made several traces to find the point at which the server certificate gets lost. But actually the client receives the complete server hello from the TLS handshake and simply doesn’t respond.

Finally we found the problem in this case. It was the Bluetooth connection to an Apple Magic Mouse. After deactivating the Bluetooth connection the authentication works fine. When the connection is established you can reactivate Bluetooth. But this is more a workaround than a solution.
Also interesting is the fact that it doesn’t work with this specific controller but it works fine with another one with an almost identical configuration.
We got a hint from an Apple specialist that changing the channel might help because of interference, but it makes no difference.

3 Replies

Matthew Hines
Level 1

We are also recently having pretty much the same issue; however, our issue is with Apple iPods, iPads, and iPhones. Using EAP-TLS, Cisco WLC 5508s running 7.4.110. Have a TAC case open now trying to re-duplicate the issue. It seems in previous versions, maybe 1.2 patch 1, I didn't notice the failures as often? Not sure. Any help in answering this question would be helpful.

I am experiencing the same problem on one PC. Have to do a spectrum sweep to see if it is a Bluetooth problem.

Matthew, did you find a solution together with TAC?

Hi

I have the same problems with a virtual WLC and ISE v1.2. Windows 7 clients can't connect to their WLAN and the ISE log fills with authentication error messages.

5440 Endpoint abandoned EAP session and started new

Have you heard anything from TAC?