Troubleshooting WPA Enterprise

Troubleshooting error messages in Windows

Client View

Wrong XML

Check that your client has a certificate to authenticate and that you are using the correct WiFi configuration profile or XML.

Trusted Root issues

Check that you've done the following:
  •  Told your RADIUS Server which certificates are allowed to connect.
  •  Imported the active RADIUS Server certificate as trusted root on your client.
Also check your reports (IronWiFi console -> Reports -> Authentication Requests). They contain a detailed description of the error.
If your clients need to verify when connecting for the first time, and you're seeing this dialog:
Make sure that you have referenced the Server certificate in your WiFi profile:
 

Server View

Unknown CA

If you see something like this in your logs:
Mon Jul 12 12:38:09 2021 : ERROR: (14872) eap_tls: ERROR: SSL says error 20 : unable to get local issuer certificate
Mon Jul 12 12:38:09 2021 : ERROR: (14872) eap_tls: ERROR: TLS Alert write:fatal:unknown CA
Mon Jul 12 12:38:09 2021 : Error: tls: TLS_accept: Error in error
Mon Jul 12 12:38:09 2021 : Auth: (14872) Login incorrect (eap_tls: SSL says error 20 : unable to get local issuer certificate): [host/8dc38402-20fb-41db-a8f3-4e4e95637173/<via Auth-Type = eap>] (from client contoso port 1 cli 18-9K-EA-0H-7F-C5)
It can be one of these options:
  1. Your RADIUS server doesn't know the issuer of the certificate which was used for authentication. Add your CA.
  2. Your Client doesn't know the Server certificate and rejects the connection. Check that you've added your Server certificate.
  3. You've changed/added a new Server certificate and your XML profile on the client is using the old one. In that case, please double-check that you've either updated your WiFi/Wired profile or re-generated your XML after adding the certificates and pushed that to your clients.

Fatal decrypt error

If you can see something like this in your logs:
Wed Apr 7 08:14:39 2021 : Auth: (312) Login incorrect (eap_tls: TLS Alert write:fatal:decrypt error): [host/00128t09-cbna-469c-9768-2783d28eikl9/<via Auth-Type = eap>] (from client contoso port 1 cli 84-FD-D1-8C-0E-33)
Wed Apr 7 08:14:41 2021 : ERROR: (320) eap_tls: ERROR: TLS Alert write:fatal:decrypt error
Wed Apr 7 08:14:41 2021 : Error: tls: TLS_accept: Error in error

... then it is probably a bug in the TPM software on your Windows machines.
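
To triage many rejected logins at once, the two server-side cases above (Unknown CA and Fatal decrypt error) can be sorted per client from an exported log. This is an added example, not IronWiFi tooling; the names RULES, classify and triage are hypothetical, and it assumes log lines in the format shown on this page, which are reused as the sample input.

```python
import re

# eap_tls reason text -> (section of this page, what that section says to check)
RULES = [
    (re.compile(r"unknown CA|unable to get local issuer certificate"), "Unknown CA",
     "add your CA on the RADIUS server, add the Server certificate on the client, "
     "or update/re-generate the XML profile after a certificate change"),
    (re.compile(r"decrypt error"), "Fatal decrypt error",
     "probably a bug in the TPM software on the Windows machine"),
]

# Only the "Login incorrect" line carries the identity, the NAS client and the station MAC.
AUTH = re.compile(
    r"^(?P<when>.+?) : Auth: \((?P<req>\d+)\) Login incorrect "
    r"\(eap_tls: (?P<reason>.*?)\): \[(?P<user>.*?)/<via Auth-Type = eap>\] "
    r"\(from client (?P<nas>\S+) port \d+ cli (?P<cli>[^)\s]+)\)")

def classify(reason):
    """Map an eap_tls failure reason to the matching section of this page."""
    for pattern, section, hint in RULES:
        if pattern.search(reason):
            return section, hint
    return "Unclassified", "see IronWiFi console -> Reports -> Authentication Requests"

def triage(lines):
    """Return one finding (dict) per rejected EAP-TLS login in the given log lines."""
    findings = []
    for line in lines:
        m = AUTH.match(line.strip())
        if m is None:
            continue  # ERROR:/Error: lines repeat the reason without the client identity
        section, hint = classify(m["reason"])
        findings.append({**m.groupdict(), "section": section, "hint": hint})
    return findings

# Sample input: "Login incorrect" and ERROR lines copied from the log excerpts on this page.
SAMPLE = """\
Mon Jul 12 12:38:09 2021 : ERROR: (14872) eap_tls: ERROR: TLS Alert write:fatal:unknown CA
Mon Jul 12 12:38:09 2021 : Auth: (14872) Login incorrect (eap_tls: SSL says error 20 : unable to get local issuer certificate): [host/8dc38402-20fb-41db-a8f3-4e4e95637173/<via Auth-Type = eap>] (from client contoso port 1 cli 18-9K-EA-0H-7F-C5)
Wed Apr 7 08:14:39 2021 : Auth: (312) Login incorrect (eap_tls: TLS Alert write:fatal:decrypt error): [host/00128t09-cbna-469c-9768-2783d28eikl9/<via Auth-Type = eap>] (from client contoso port 1 cli 84-FD-D1-8C-0E-33)
Wed Apr 7 08:14:41 2021 : ERROR: (320) eap_tls: ERROR: TLS Alert write:fatal:decrypt error
"""

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f['when']} req={f['req']} {f['user']} cli={f['cli']} "
              f"via {f['nas']}: {f['section']} -> {f['hint']}")
```

Grouping the findings by the cli value shows whether one machine or a whole fleet is affected, which helps separate a stale XML profile pushed to many clients from a problem on a single device.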