02-12-2021 10:13 PM
Just this morning we started to have an issue where all of our configured PPSKs stopped working. It appears to be an issue with the proxy APs not being able to authenticate with the IDM server. Please see the `show idm` command output for each of the proxy APs:
IDM client: Enabled Per SSID
IDM Proxy IP: 10.12.32.11
IDM proxy: Enabled
IDM server: <HiveManager IP>
IDM server IP: <HiveManager IP>
RUN state: Authentication to IDM server rejected
IDM transport mode: TCP
Server destination Port: 2083
RadSec Certificate state: Valid
RadSec Certificate Issued: 2021-02-12 21:11:27 GMT
RadSec Certificate Expires: 2022-02-12 21:11:27 GMT

IDM client: Enabled Per SSID
IDM Proxy IP: 10.12.32.11
IDM proxy: Enabled
IDM server: <HiveManager IP>
IDM server IP: <HiveManager IP>
RUN state: Authentication to IDM server rejected
IDM transport mode: TCP
Server destination Port: 2083
RadSec Certificate state: Valid
RadSec Certificate Issued: 2021-02-12 21:48:11 GMT
RadSec Certificate Expires: 2022-02-12 21:48:11 GMT
Looking into the tech_results.txt of the proxy APs shows a TLS error which appears to be the failure point.
<27>1 2021-02-12T16:22:09.012119-05:00 aerohive radsecproxy[16751]: tlsconnectnonblock failed
<27>1 2021-02-12T16:22:09.007227-05:00 aerohive radsecproxy[16751]: tlsconnectnonblock: TLS: error:14094415:lib(20):func(148):reason(1045)
<28>1 2021-02-12T16:22:08.945587-05:00 aerohive radsecproxy[16751]: connecttcphostlist: TCP connection to 10.12.34.97 port 2083 up
<28>1 2021-02-12T16:22:08.944988-05:00 aerohive radsecproxy[16751]: connecttcphostlist: trying to open TCP connection to 10.12.34.97 port 2083
Does anyone have any suggestions on how to correct this problem?
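As an added example (not part of the original post and not Extreme or radsecproxy code), the OpenSSL error string in the radsecproxy log above can be decoded into the TLS alert it represents. It assumes the OpenSSL 1.x packed error layout (8-bit library, 12-bit function, 12-bit reason), which matches the lib/func/reason fields printed in the log; the function name `decode_openssl_error` is hypothetical.

```python
import re

# OpenSSL 1.x packs an error as: 8-bit library | 12-bit function | 12-bit reason.
ERR_LIB_SSL = 20             # library number of the SSL/TLS routines
SSL_AD_REASON_OFFSET = 1000  # SSL reason = 1000 + number of the TLS alert received

# TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 49: "access_denied", 50: "decode_error", 51: "decrypt_error",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):lib\((\d+)\):func\((\d+)\):reason\((\d+)\)")

# The two TLS lines from the post above, copied verbatim.
SAMPLE = (
    "<27>1 2021-02-12T16:22:09.012119-05:00 aerohive radsecproxy[16751]: "
    "tlsconnectnonblock failed\n"
    "<27>1 2021-02-12T16:22:09.007227-05:00 aerohive radsecproxy[16751]: "
    "tlsconnectnonblock: TLS: error:14094415:lib(20):func(148):reason(1045)\n"
)

def decode_openssl_error(line):
    """Return the decoded fields of an OpenSSL error in a log line, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    packed = int(m.group(1), 16)
    lib, func, reason = packed >> 24, (packed >> 12) & 0xFFF, packed & 0xFFF
    # Cross-check the hex code against the lib/func/reason fields printed beside it.
    printed = tuple(int(m.group(i)) for i in (2, 3, 4))
    alert = None
    if lib == ERR_LIB_SSL and SSL_AD_REASON_OFFSET < reason <= SSL_AD_REASON_OFFSET + 255:
        number = reason - SSL_AD_REASON_OFFSET
        alert = TLS_ALERTS.get(number, "alert_%d" % number)
    return {"lib": lib, "func": func, "reason": reason,
            "consistent": (lib, func, reason) == printed, "alert": alert}

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(decode_openssl_error(line))
```

For the logged line this yields alert 45, `certificate_expired`: the TLS peer on port 2083 ended the handshake because it considered a certificate expired, so certificate validity dates on both ends are the first thing to check.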
02-16-2021 02:44 AM
Hello stit,
Check that KB, please:
https://extremeportal.force.com/ExtrArticleDetail?an=000060669&q=tlsconnectnonblock%20failed
02-15-2021 02:15 PM
Hi StephanH,
Thank you for the reply. I should have specified we are running an on-prem version of HiveManager NG so the communication should be all on our LAN.
02-15-2021 06:33 AM
Hello stit,
Did you check whether the APs can reach the cloud servers via port 2083 TCP (RadSec)? Maybe something was changed in the firewall settings.