03-06-2014 02:19 AM - edited 07-05-2021 12:21 AM
Hello Guys,
Today I tried with new CA certificates on my ISE server but I am facing this issue.
RADIUS Status:No response received during 120 seconds on last EAP message sent to the client : 5411 No response received during 120 seconds on last EAP message sent to the client
With old CA, all clients are working perfectly. But with new CA I am not bale to find out the root cause of this.
If anyone have an idea to solve this problem please share with me.
Thanks
03-06-2014 05:41 AM
anyone have an idea ???
03-06-2014 05:42 AM
Sandeep,
With a new CA, you need to make sure that the clients are trusting or have the root CA of the new CA. The message you see is usually because of the device not trusting that certificate. If these are domain computers, then you can push the new CA certificate to the clients via GPO... make sure that all your servers have the new root CA in their trusted root CA store.
Your testing with the new oand the old, points to either client or AD isn't trusting that certificate.
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
03-06-2014 05:44 AM
HI Scott,
I checked everything, with old CA everthing is working but withe new one no....
Even I send you the meaase by PM. If you have time then u can check via teamviewer ?
From myside I m totally blank now.
Regards
03-06-2014 05:52 AM
Sure... I have some time in a few hours... getting my daughter ready for school:)
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
03-06-2014 05:54 AM
Thanks.
I am at my desk for next one hour. If you get time then its ok otherwise we will do it tommorow.
Regards
03-19-2014 04:07 AM
So here is the update and resolution of this post:
What was the problem:
Device - 2100 WLC -7.0.240.0 , ISE 1.1:
1. Certificate on client contain: Signature Alogorithm: sha256, Public key: 2048 Bits
Conclusion: not working
2. Certificate on client contain: Signature Alogorithm: sha256, Public key: 1024 Bits
Conclusion: working
3. Certificate on client contain: Signature Alogorithm: sha256, Public key: 4096 Bits
Conclusion: working
-----------------------------------------------------------------------------------------------
Then I tested with another controller with diff hardware version with diff software:
WLC 2504- 7.3.112.0, ISE 1.1
1. Certificate on client contain: Signature Alogorithm: sha256, Public key: 2048 Bits
Conclusion: working
2. Certificate on client contain: Signature Alogorithm: sha256, Public key: 1024 Bits
Conclusion: working
3. Certificate on client contain: Signature Alogorithm: sha256, Public key: 4096 Bits
Conclusion: working
I dont know what exactly WLC is doing but in my view the culprit is WLC and WLC software version.
May be it helps , if anyone have the same problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide