Core issue

This issue occurs due to the presence of Cisco bug ID CSCsb47726.

The WLSE fails to reach Security Keys Setup when Cisco Secure Access Control Server (ACS) for Windows or the Cisco Secure Solution Engine is used as the RADIUS server. This is noticed regardless of the WLSE version, and is specific to Cisco Secure ACS version 3.3.3 and later.

Resolution

The fix for this bug is a patch that needs to be installed on Cisco Secure ACS. In order to download the patch, open a service request with the Cisco Technical Assistance Center (TAC).

Complete these steps in order to install the patch on the ACS software:

1. Browse to C:\Program Files\CiscoSecure ACS v3.3\Support.
   
2. Re-name the AironetEAP.dll file to AironetEAP.dll.bak.
   
3. Copy the new AironetEAP.dll to the same folder
   
4. Re-start the ACS services.

Complete these steps in order to install the patch on the ACS Solution Engine:

1.   Run the autoexec.bat file from inside of the patch directoryy.

2.   Log into ACS

3.   Choose System Configuration > Appliance Upgrade Status and select the appropriate download.

4.   Enter the IP address of the computer from which you run the autoexec.bat file.

5.   After you have uploaded the patch to the ACS, click Install Upgrade.

6.   Re-start the ACS services.

Note: Make sure to create an ACS backup before the patch is applied.

An alternate workaround to resolve this issue is to use IOS Local Authenticator which does not scale well for any reasonable sized network.

For more details on this issue, refer to WLSE - AP/WDS fails to complete full authentication phase.