Solved

All PPSKs stopped working

  • 12 February 2021

Just this morning we started to have an issue where all of our configured PPSKs stopped working. It appears to be an issue with the proxy APs not being able to authenticate with the IDM server. Please see the `show idm` command output for each of the proxy APs:

IDM client: Enabled Per SSID
IDM Proxy IP: 10.12.32.11
IDM proxy: Enabled
IDM server: <HiveManager IP>
IDM server IP: <HiveManager IP>
RUN state: Authentication to IDM server rejected
IDM transport mode: TCP
Server destination Port: 2083
RadSec Certificate state: Valid
RadSec Certificate Issued: 2021-02-12 21:11:27 GMT
RadSec Certificate Expires: 2022-02-12 21:11:27 GMT

IDM client: Enabled Per SSID
IDM Proxy IP: 10.12.32.11
IDM proxy: Enabled
IDM server: <HiveManager IP>
IDM server IP: <HiveManager IP>
RUN state: Authentication to IDM server rejected
IDM transport mode: TCP
Server destination Port: 2083
RadSec Certificate state: Valid
RadSec Certificate Issued: 2021-02-12 21:48:11 GMT
RadSec Certificate Expires: 2022-02-12 21:48:11 GMT

Looking into the tech_results.txt of the proxy APs shows a TLS error which appears to be the failure point.

<27>1  2021-02-12T16:22:09.012119-05:00 aerohive radsecproxy[16751]: tlsconnectnonblock failed
<27>1  2021-02-12T16:22:09.007227-05:00 aerohive radsecproxy[16751]: tlsconnectnonblock: TLS: error:14094415:lib(20):func(148):reason(1045)
<28>1  2021-02-12T16:22:08.945587-05:00 aerohive radsecproxy[16751]: connecttcphostlist: TCP connection to 10.12.34.97 port 2083 up
<28>1  2021-02-12T16:22:08.944988-05:00 aerohive radsecproxy[16751]: connecttcphostlist: trying to open TCP connection to 10.12.34.97 port 2083

 

Does anyone have any suggestions on how to correct this problem?


Best answer by StephanH 16 February 2021, 03:44


3 replies


Hello stit,

Did you check if the APs can reach the cloud servers via the port 2083 TCP (RadSec)? Maybe something was changed in the firewall settings.

Hi StephanH,

Thank you for the reply. I should have specified we are running an on-prem version of HiveManager NG so the communication should be all on our LAN.


Hello stit,

Check that KB, please:

https://extremeportal.force.com/ExtrArticleDetail?an=000060669&q=tlsconnectnonblock%20failed
