
Cisco Secure Client NAM - Incorrect PSK

Chris Terry
Level 1

We have a user that keeps receiving the error stating an Invalid PSK when connecting to their home network. They are 100% sure they are typing it correctly. The user can connect the first time after adding the network via NAM. If they reboot or connect to the network again (leaving their house and coming back), NAM will throw the Incorrect PSK. They can only connect once and only if they remove the network and add it back. I did notice messages about "Missing PMK" right before the message is thrown about an Incorrect PSK.

 

The user started to see this issue after AnyConnect was upgraded from 4.10.0471 to Secure Client 5.1.2.

 

Cisco Secure Client 5.1.2

TP-Link Deco Mesh Router

6 Replies

Are you trying AnyConnect with the client using Wi-Fi?
As far as I know, PMK is for Wi-Fi, not for AnyConnect.

MHM

In a WPA2 Personal network the PMK is the PSK. The user did state that when just using the native Windows supplicant he does not experience the issue.

No, friend, PMK is different and it is mostly used for roaming.
I think you are facing something wrong in the Wi-Fi.

MHM

Chris Terry
Level 1

There was another user that is having the same issue. Different home router and different ISP.

 

I noticed they both have the same error logs:

2057: <HOST>: Jun 21 2024 07:58:25.901 -0500: %csc_nam-3-ERROR_MSG: %[tid=4840][comp=SAE]: RSN (3) RSN_EAPOL_KEY_FAILURE: Missing PMK (dot11i_sta.c 1028)
2253: <HOST>: Jun 21 2024 07:58:29.195 -0500: %csc_nam-3-ERROR_MSG: %[tid=4840][comp=SAE]: RSN (3) RSN_EAPOL_KEY_FAILURE: Missing PMK (dot11i_sta.c 1028)
2396: <HOST>: Jun 21 2024 07:58:32.328 -0500: %csc_nam-3-ERROR_MSG: %[tid=4840][comp=SAE]: RSN (3) RSN_EAPOL_KEY_FAILURE: Missing PMK (dot11i_sta.c 1028)
2539: <HOST>: Jun 21 2024 07:58:35.531 -0500: %csc_nam-3-ERROR_MSG: %[tid=4840][comp=SAE]: RSN (3) RSN_EAPOL_KEY_FAILURE: Missing PMK (dot11i_sta.c 1028)

These messages are not related to incorrect PSK. Is the PSK used something that might have abnormal characters in it? Do you have a DART bundle with extended logging enabled?

Also, have they tested the latest version of Cisco Secure Client? Several fixes regarding WPA2/WPA3 compatibility mode went in those releases.

I did have them grab a DART bundle with extended logging. I uploaded that to the TAC case.

No abnormal characters in the PSK and it's under 16 characters. They haven't tested the new version yet.
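
Added example, not part of any post in this thread and not Cisco code: for a WPA2-Personal network joined with a passphrase, the 256-bit PSK that serves as the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations). The sketch below checks a passphrase for the "abnormal characters" and length questions raised above and derives that key; the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import string

# A WPA2 passphrase is 8..63 printable ASCII characters (codes 32..126).
_PRINTABLE = {chr(c) for c in range(32, 127)}


def _is_raw_psk(value):
    """64 hex digits are taken as the raw 256-bit PSK, not as a passphrase."""
    return len(value) == 64 and all(c in string.hexdigits for c in value)


def check_passphrase(passphrase):
    """Return findings that can make two supplicants derive different keys."""
    if _is_raw_psk(passphrase):
        return []
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append(f"length {len(passphrase)} outside 8..63")
    bad = sorted({c for c in passphrase if c not in _PRINTABLE})
    if bad:
        findings.append("outside printable ASCII: "
                        + ", ".join(f"U+{ord(c):04X}" for c in bad))
    if passphrase != passphrase.strip(" "):
        findings.append("leading or trailing space (valid, but easily lost)")
    return findings


def derive_pmk(passphrase, ssid):
    """WPA2-Personal PMK (= PSK) from passphrase and SSID."""
    if _is_raw_psk(passphrase):
        return bytes.fromhex(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    # Constructed sample values; the second contains a typographic apostrophe.
    for pw, ssid in [("password", "IEEE"), ("pass\u2019word1", "HomeNet")]:
        print(repr(pw), repr(ssid), check_passphrase(pw) or "ok")
        print("  PMK:", derive_pmk(pw, ssid).hex())
```

Because the SSID is the salt, the same passphrase yields a different PMK on a network with a different SSID, so the derived value is only comparable for the same network name.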