07-15-2014 07:46 AM - edited 03-10-2019 09:52 PM
Hi all,
We have ACS 5.1, WLC 7.0.98.0 and EAP-TLS. Wireless clients trying to access the network via one of our WLC 5508s are not getting authenticated. I can see the following on ACS:
"11514 Unexpectedly received empty TLS message; treating as a rejection by the client"
which usually means certificate errors / CA problems but clients coming on via other controllers are fine. Any suggestions?
I saw another post which suggested to check the time and discovered that the controller in question was an hour out as the time delta was not set the same as other controllers. However correcting this has not helped.
Many Thanks
Scott
07-15-2014 09:06 AM
Could you please check the validity of the server/identity certificate on ACS 5.1?
To me it seems that the server certificate has expired.
What EAP flavor are you using peap-mschap?
Regards,
Jatin Katyal
**Do rate helpful posts**
07-16-2014 01:42 AM
Symptoms or Issue | User authentication is failing on the client machine, and the user is receiving a "RADIUS Access-Reject" form of message. |
Conditions | (This issue occurs with authentication protocols that require certificate validation.) Possible Authentications report failure reasons: Click the magnifying glass icon from Authentications to display the following output in the Authentication Report: |
Possible Causes | The supplicant or client machine is not accepting the certificate from Cisco ISE. The client machine is configured to validate the server certificate, but is not configured to trust the Cisco ISE certificate. |
01-22-2018 07:42 AM
We experienced just this issue and it was that the certificate on ISE for RADIUS expired.