5411 No response received during 120 seconds on last EAP message

Sandeep Choudhary · ‎03-06-2014

Hello Guys,

Today I tried with new CA certificates on my ISE server but I am facing this issue.

RADIUS Status:No response received during 120 seconds on last EAP message sent to the client : 5411 No response received during 120 seconds on last EAP message sent to the client

With old CA, all clients are working perfectly. But with new CA I am not bale to find out the root cause of this.

If anyone have an idea to solve this problem please share with me.

Thanks

Sandeep Choudhary · ‎03-06-2014

anyone have an idea ???

Scott Fella · ‎03-06-2014

Sandeep,

With a new CA, you need to make sure that the clients are trusting or have the root CA of the new CA. The message you see is usually because of the device not trusting that certificate. If these are domain computers, then you can push the new CA certificate to the clients via GPO... make sure that all your servers have the new root CA in their trusted root CA store.

Your testing with the new oand the old, points to either client or AD isn't trusting that certificate.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Sandeep Choudhary · ‎03-06-2014

HI Scott,

I checked everything, with old CA everthing is working but withe new one no....

Even I send you the meaase by PM. If you have time then u can check via teamviewer ?

From myside I m totally blank now.

Regards

Scott Fella · ‎03-06-2014

Sure... I have some time in a few hours... getting my daughter ready for school:)

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Sandeep Choudhary · ‎03-06-2014

Thanks.

I am at my desk for next one hour. If you get time then its ok otherwise we will do it tommorow.

Regards

Sandeep Choudhary · ‎03-19-2014

So here is the update and resolution of this post:

What was the problem:

Device - 2100 WLC -7.0.240.0 , ISE 1.1:

1. Certificate on client contain: Signature Alogorithm: sha256, Public key: 2048 Bits

Conclusion: not working

2. Certificate on client contain: Signature Alogorithm: sha256, Public key: 1024 Bits

Conclusion: working

3. Certificate on client contain: Signature Alogorithm: sha256, Public key: 4096 Bits

Conclusion: working

-----------------------------------------------------------------------------------------------

Then I tested with another controller with diff hardware version with diff software:

WLC 2504- 7.3.112.0, ISE 1.1

1. Certificate on client contain: Signature Alogorithm: sha256, Public key: 2048 Bits

Conclusion: working

2. Certificate on client contain: Signature Alogorithm: sha256, Public key: 1024 Bits

Conclusion: working

3. Certificate on client contain: Signature Alogorithm: sha256, Public key: 4096 Bits

Conclusion: working

I dont know what exactly WLC is doing but in my view the culprit is WLC and WLC software version.

May be it helps , if anyone have the same problem.