Re: Wireless - Invalid MIC - EAPoL 4-way handshake is failling - Page 5

Raphael_L · ‎05-10-2023

Hi ,

Any wireless Guru that could help me troubleshoot/understand this issue that we are having ? 🤔

Since we upgraded to MR29 ( I tried ANY versions of MR29 ) , users are randomly getting errors ( 20-25s of packetloss ) on reassoc.

SSID is WPA2-Enterprise with ISE. 802.11r is enabled , CoA disabled and 802.11w disabled.

Dashboard always shows theses logs :

Packet captures almost always show that the 4-WAY EAPoL is missing Message 3-4 :

All our workstations are using Intel wireless NIC. We are running 22.170.3 but I have tried other version such as the latest 22.200.2. Same result.

Downgrading to MR28 OR disabling 802.11r solves the issue.

Any tips / ideas ?

Raghu_Kuri · ‎07-03-2023

Thanks Christoph, I appreciate the screenshot. Just checked even MR46's that we use do not support Pre-Auth. Its a pity that its not supported by Meraki.

ChristophJ · ‎07-04-2023

Pre-Auth is a fairly old feature that predates 802.1r and even OKC.

If you enabled Key Caching on Windows and 802.1r on Meraki that should already help with roaming by a lot.

Raghu_Kuri · ‎06-20-2023

AX200 802.11r windows 10 PMK Caching - Intel Community

Raghu_Kuri · ‎06-20-2023

If you are pushing the profile via Intune, just scroll down on the Wifi settings for the profile in Intune and the settings for PMK caching will be found.

Raghu_Kuri · ‎06-21-2023

My windows 10 has the new profile we pushed that contains PMKID and Pre-Auth enabled. The good news is I see no EAPOL timeouts anymore. We are going to have more pilot users added into this group today and will monitor how it goes for them this week and half of next week before we push this to all our staff. Also to let you know Intel has today released the 230 driver. I will just get this onto my windows and monitor if the stability is maintained.

decassuncao · ‎06-23-2023

Try disable .r

NitinVats · ‎06-27-2023

@Raphletourn Anything yet from Microsoft on the KB articles for the 2 PMK ID Issue?

Raphael_L · ‎06-27-2023

Not yet. I'm on vacation. I will have to check next monday

Jagermeister · ‎09-26-2023

Did you ever manage to find a solution for this? What exactly did Microsoft tell you about the special KB that will contain a fix?

Raphael_L · ‎09-26-2023

Still no recent news ! Last I heard they might deploy that KB in 2023. I would expect nov/dec. I will keep that thread updated !

Jagermeister · ‎09-26-2023

Thanks for your reply!

Hopefully they will release this KB soon. Is there any written confirmation from Microsoft about this problem? I cannot find anything about it.

Raphael_L · ‎10-07-2023

Hi everyone.

No news/updates from Microsoft , but I saw this today :

Going to test this next week and keep everyone informed.

Raphael_L · ‎10-10-2023

Update 2023-10-10

It seems that the double PMK issue is only affecting us as per Microsoft :

The fix will be publicly available in April via what I believe will be called 24H1 (build 2304)
We only have XXXXXX ( our company ) raising this scenario to us at this time. No other customers have opened ticket with us on this same scenario.

So we are stuck with MR28.6 until atleast April 2024. yay.

JPavonM · ‎10-10-2023

@Raphletourn do you have a bug id, or ticket number, to which we can reference to Microsoft?

In my case, the problem is that WinTel team do not open ticket to MS unless this ould be something critical, which is not the case.

Raphael_L · ‎10-11-2023

Our case is 2306080040008631. I don't have the bug ID or anything else at the moment.