Just this morning we started to have an issue where all of our configured PPSKs stopped working. It appears to be an issue with the proxy APs not being able to authenticate with the IDM server. Please see the `show idm` commands output for each of the proxy APs:
IDM client: Enabled Per SSIDIDM Proxy IP: 10.12.32.11IDM proxy: EnabledIDM server: <HiveManager IP>IDM server IP: <HiveManager IP>RUN state: Authentication to IDM server rejectedIDM transport mode: TCPServer destination Port: 2083RadSec Certificate state: ValidRadSec Certificate Issued: 2021-02-12 21:11:27 GMTRadSec Certificate Expires: 2022-02-12 21:11:27 GMT
IDM client: Enabled Per SSIDIDM Proxy IP: 10.12.32.11IDM proxy: EnabledIDM server: <HiveManager IP>IDM server IP: <HiveManager IP>RUN state: Authentication to IDM server rejectedIDM transport mode: TCPServer destination Port: 2083RadSec Certificate state: ValidRadSec Certificate Issued: 2021-02-12 21:48:11 GMTRadSec Certificate Expires: 2022-02-12 21:48:11 GMT
Looking into the tech_results.txt of the proxy APs shows a TLS error which appears to be the failure point.
<27>1 2021-02-12T16:22:09.012119-05:00 aerohive radsecproxy[16751]: tlsconnectnonblock failed
<27>1 2021-02-12T16:22:09.007227-05:00 aerohive radsecproxy[16751]: tlsconnectnonblock: TLS: error:14094415:lib(20):func(148):reason(1045)
<28>1 2021-02-12T16:22:08.945587-05:00 aerohive radsecproxy[16751]: connecttcphostlist: TCP connection to 10.12.34.97 port 2083 up
<28>1 2021-02-12T16:22:08.944988-05:00 aerohive radsecproxy[16751]: connecttcphostlist: trying to open TCP connection to 10.12.34.97 port 2083
Does anyone have any suggests on how to correct this problem?
