WLC User Login error

Ralf_Geronimo · ‎03-01-2012

%DOT1X-3-USER_LOGIN_DENY: 1x_auth_pae.c:2566 Authentication rejected for user ******** - user may already be logged in

%APF-1-USER_ADD_FAILED: apf_ms.c:5665 Unable to create username ******** for mobile

WLC Version: 7.0.220.0

intermittent problem

Help me please!

Justin Kurynny · ‎03-02-2012

Ralf,

How many concurrent logins do you allow on your controller? Security tab --> User Login Policies

Justin

jasonrakers · ‎11-14-2012

I am having this same problem, if anyone has any suggestions. concurrent logins is set to 0.

Scott Fella · ‎11-14-2012

Are you using radius? If so, check the radius configuration. Some have the ability to also set the max login.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

chanseeyee · ‎12-02-2012

Hi,

I'm having the same issue as well.. Any advise?

Scott Fella · ‎12-02-2012

If your issues is with multiple logins, make sure your allowing that on the WLC. If you look at the image I posted, I'm limiting multiple logins with the same username to '2'. You can set this from 1-8 or else '0' is unlimited.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

smayanja123 · ‎12-03-2012

Are you using a radius server and AD ? Did u configure user-dialin- properties to allow the groups ?

Sam

Sent from Cisco Technical Support iPad App

chanseeyee · ‎12-03-2012

Let me check with our client first and revert back once we received the feedback from them... FYI, this issue had been resolved after rebooted the WLC.. Currently, everything is working fine and we wish to find a root caused, if possible.

Scott Fella · ‎12-04-2012

Well after a reboot, I don't think you will be able to find the root cause until it happens again. Maybe your radius connection to the WLC failed.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

banavathkiran · ‎03-22-2013

Im also facing the same Issue right now.. I haven't rebooted the controller, My primary controller is deactivated from the global list and seconday controller is running. But i could able to reach my primary controller(pinged from controller-radius

server (which is over WAN connections, not local i.e differrent geograhical area)

*Dot1x_NW_MsgTask_2: Mar 22 13:23:31.372: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:3028 Max EAP identity request retries (3) exceeded for client 30:f7:c5:c4:43:6a

*Dot1x_NW_MsgTask_2: Mar 22 13:23:31.372: %DOT1X-3-USER_LOGIN_DENY: 1x_auth_pae.c:2566 Authentication rejected for user 00005115 - user may already be logged in

*Dot1x_NW_MsgTask_2: Mar 22 13:23:31.372: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:3028 Max EAP identity request retries (3) exceeded for client 30:f7:c5:c4:43:6a

*Dot1x_NW_MsgTask_2: Mar 22 13:23:31.372: %DOT1X-3-USER_LOGIN_DENY: 1x_auth_pae.c:2566 Authentication rejected for user 00005115 - user may already be logged in

concurrent logins is set to 0 (unlimited logins). what would be the reason behind this? Same issue we faced 2 months ago then we have rebooted the WLC and it worked Fine.

Again now we are facong the same issue. Reboot won't be permanent resolution to this, Please can you let me know the root cause.

Thank you in advance..

jasonrakers · ‎03-22-2013

I don't know the root cause, but I know upgrading the WLC to newer code fixed the problem for me. We are now at 7.0.235.3 without incidents.

Saravanan Lakshmanan · ‎03-31-2013

you could be hitting a bug on that code.

what code are you running, let me try bug scrub.

Ralf Geronimo - 7.0.220.0

chanseeyee - ?

kiran kumar - ?