
Can't connect to network, but first time works

maximeg0189
Level 1

Hello,

I am having a complicated issue. I am doing some tests with the TAC, but it's a bit more than that, I believe. Here is my problem: when you connect to the network the first time, it works fine. If you click disconnect and reconnect, it says "Can't connect to this network" every single time. You either have to reboot or wait 10m and try again, and it will work.

We have an SDA Fabric / certificate auth for the corpo wireless, but it always works the first time, after 10m or after a reboot.

I did a radioactive trace from the WLC. The successful attempt is a 30-60s trace of the login and the failed one is the same. The successful one is bigger in size because I waited for the connection to succeed, and the failed one fails right away.

Thank you for the help in advance

 

**More info: The issue started 2 months ago; it worked perfectly before that. I did tons of OS-side troubleshooting but nothing works on the OS side, it won't reconnect.


jalejand
Cisco Employee

Can you upload the RA trace from the WLC with the failed attempt?

Sorry, I really thought I did... let me give you some context.

 

SuccessLogin is the RA trace after a reboot, first connection.

The second is after I hit "Disconnect" and "Reconnect" right away, and it failed.

 

But it also fails if I move in the building with the laptop: it doesn't connect to other APs without a reboot or 10 minutes without changing location.

Well... from this entry:

"%DOT1X-5-FAIL: R0/0: wncd: Authentication failed for client (6449.7d7f.ec57) with reason (Cred Fail) on Interface capwap_9000000c AuditSessionID 11296E0A000747215E2CFB83 Username: host/L301043.******.org"

it looks like the endpoint fails to authenticate. Do you have the failed session record from ISE?

Yes, this is the error I have, but we use certificate authentication so there is no username-password to actually enter.

 

The first time it works right away and the certificate is fine, but if you move in the building or disconnect-reconnect it gives this error.

So do you have the failed log entry from ISE to share here?

This is the failed authentication log. I will try to do an endpoint debug in ISE. Maybe I can see which certificate is used on each attempt.

Do you have any troubleshooting steps I could do? I think the issue is most likely related to the certificate being used.

Interesting case. You have the rightmost output cut off in the PDF, thus I can only guess about what is in use.

22072 Selected identity source sequence - ISQ_
22070 Identity name is taken from certificate attr
22047 User name attribute is missing in client ce
Subject - Common Name

Looks like ISE complains that the client certificate's Subject CN attribute is either missing or contains wrong data. Try to collect a tcpdump of the failed session on the PSN. You will find in the capture the certificate sent by the client. There should be a CN= attribute and I guess it should look like a hostname or FQDN.
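
One way to run the check suggested above once the client certificate has been exported as PEM (an added example, not part of the original thread): it reports whether the Subject Common Name that the ISE steps say the identity is taken from is actually present. The host name `host.example.org`, the file names and the two throwaway certificates are constructed sample input; exporting the real certificate from the capture or the endpoint store is assumed to be done separately.

```shell
#!/bin/sh
# Added example: check a client certificate for the Subject CN attribute.

# Print the Subject Common Name of a PEM certificate (empty if absent).
subject_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= //p' | head -n 1
}

# Return 0 and print the CN if present, otherwise return 1 with a message.
check_identity_attr() {
    cn=$(subject_cn "$1")
    if [ -n "$cn" ]; then
        echo "OK: Subject CN = $cn"
        return 0
    fi
    echo "MISSING: no Subject CN in $1"
    return 1
}

# Constructed sample input: two throwaway self-signed certificates,
# one with a CN (hypothetical host name) and one without.
make_samples() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=host.example.org" \
        -keyout "$dir/with.key" -out "$dir/with_cn.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example" \
        -keyout "$dir/without.key" -out "$dir/no_cn.pem" 2>/dev/null
    echo "$dir"
}

samples=$(make_samples)
check_identity_attr "$samples/with_cn.pem"
check_identity_attr "$samples/no_cn.pem" || true
```

Running `check_identity_attr` against each certificate installed on the endpoint shows which of them could satisfy a Subject CN identity lookup.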

Hello Andy,

I found something weird. When I do the endpoint debug, it suddenly works. I can connect/disconnect/connect without any issues. As soon as I end the debugger, the issue happens again and it says "Can't connect to network".

 

I'd advise opening a case with TAC.
