Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6183
Views
5
Helpful
7
Replies

Android 11 & 12 devices not connecting to internal wireless network

Go to solution
Joe Della Valle
Level 1
Level 1

‎11-10-2021 08:05 AM

Has anyone see this issue with Android devices not able to connect to Cisco wireless networks?

 

Looking at our ISE logs, it seems the devices are not puling down the wireless certificate. You can see the attempt to join the wireless network in ISE but then it just errors out with "PEAP failed SSL/TLS handshake after a client alert"

 

This is the resolution, but the wireless certificate is there but not being pulled down:

 

Check whether the proper server certificate is installed and configured for EAP in the Local Certificates page ( Administration > System > Certificates > Local Certificates ). Also ensure that the certificate authority that signed this server certificate is properly installed in client's supplicant. Check the previous steps in the log for this EAP-TLS conversation for a message indicating why the handshake failed. Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni
In response to Joe Della Valle

‎11-11-2021 11:35 AM

Which option is removed by Android?

I was recently part of a deployment where we pushed certificates to thousands of Android devices running 11 using MDM, I also tested in my personal devices. Certificates can be installed without any issues. Where did you get stuck?

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni

‎11-10-2021 12:51 PM

Latest Android OS removed the "do not validate" certificate option, which in older versions were used to bypass the full certificate validation. So due to this reason new Android OS versions doesnt allow access to any WPA2 enterprise networks which uses SSC, or any certificate from a CA which is in the Android certificate trust store.
Your options are either use a certificate signed by a public CA which is trusted by Android or upload the CA root/ intermediate certificates to Andoid device.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Go to solution
Joe Della Valle
Level 1
Level 1
In response to Arshad Safrulla

‎11-11-2021 10:04 AM

Arshad,

That option has been removed from Android 11 & 12, so that will not work. 

0 Helpful

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni
In response to Joe Della Valle

‎11-11-2021 11:35 AM

Which option is removed by Android?

I was recently part of a deployment where we pushed certificates to thousands of Android devices running 11 using MDM, I also tested in my personal devices. Certificates can be installed without any issues. Where did you get stuck?

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

Go to solution
Joe Della Valle
Level 1
Level 1
In response to Arshad Safrulla

‎11-12-2021 05:09 AM

The option for "do not validate" is not available in Android 11 & 12, check a new Android 12 device, here in the States the option is removed. 

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎11-10-2021 03:18 PM

CSCvu24770

0 Helpful

Go to solution
karl.greenwood.ext
Level 1
Level 1
In response to Leo Laohoo

‎01-30-2023 06:29 PM

This Cisco bug states that it is applicable to Affected clients running Android 10.

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni

‎11-12-2021 05:03 AM

In my case I had to disable Fast Transition on the SSID under Security - Layer 2 recently. Might have been another issue though. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card