
All PPSKs stopped working


stit
New Contributor

Just this morning we started to have an issue where all of our configured PPSKs stopped working. It appears to be an issue with the proxy APs not being able to authenticate with the IDM server. Please see the `show idm` command output for each of the proxy APs:

IDM client: Enabled Per SSID
IDM Proxy IP: 10.12.32.11
IDM proxy: Enabled
IDM server: <HiveManager IP>
IDM server IP: <HiveManager IP>
RUN state: Authentication to IDM server rejected
IDM transport mode: TCP
Server destination Port: 2083
RadSec Certificate state: Valid
RadSec Certificate Issued: 2021-02-12 21:11:27 GMT
RadSec Certificate Expires: 2022-02-12 21:11:27 GMT

IDM client: Enabled Per SSID
IDM Proxy IP: 10.12.32.11
IDM proxy: Enabled
IDM server: <HiveManager IP>
IDM server IP: <HiveManager IP>
RUN state: Authentication to IDM server rejected
IDM transport mode: TCP
Server destination Port: 2083
RadSec Certificate state: Valid
RadSec Certificate Issued: 2021-02-12 21:48:11 GMT
RadSec Certificate Expires: 2022-02-12 21:48:11 GMT

Looking into the tech_results.txt of the proxy APs shows a TLS error which appears to be the failure point.

<27>1  2021-02-12T16:22:09.012119-05:00 aerohive radsecproxy[16751]: tlsconnectnonblock failed
<27>1  2021-02-12T16:22:09.007227-05:00 aerohive radsecproxy[16751]: tlsconnectnonblock: TLS: error:14094415:lib(20):func(148):reason(1045)
<28>1  2021-02-12T16:22:08.945587-05:00 aerohive radsecproxy[16751]: connecttcphostlist: TCP connection to 10.12.34.97 port 2083 up
<28>1  2021-02-12T16:22:08.944988-05:00 aerohive radsecproxy[16751]: connecttcphostlist: trying to open TCP connection to 10.12.34.97 port 2083

 

Does anyone have any suggestions on how to correct this problem?
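The `error:14094415:lib(20):func(148):reason(1045)` string in the radsecproxy log is a packed OpenSSL error code that can be decoded offline. The following is an added example, not part of the original post and not Aerohive or radsecproxy code; it assumes the pre-3.0 OpenSSL error layout (which the `func()` field implies), and the function name and alert table are this example's own.

```python
import re

# OpenSSL 1.0.x/1.1.x packs an error as lib (8 bits) | func (12 bits) | reason (12 bits).
# OpenSSL 3.x uses a different layout; this decoder assumes the older one.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL-lib reasons >= 1000 are alerts received from the peer

# TLS alert descriptions (RFC 5246, section 7.2); subset relevant to certificate checks.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 70: "protocol_version",
}

LOG_RE = re.compile(r"error:([0-9A-Fa-f]{8}):lib\((\d+)\):func\((\d+)\):reason\((\d+)\)")

def decode_openssl_error(line):
    """Return a dict describing the OpenSSL error in a log line, or None if absent."""
    m = LOG_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # Cross-check the packed code against the fields the daemon printed.
    if (lib, func, reason) != tuple(int(g) for g in m.groups()[1:]):
        raise ValueError("packed code and printed fields disagree")
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        n = reason - SSL_AD_REASON_OFFSET
        alert = TLS_ALERTS.get(n, f"alert {n}")
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}

# Log lines copied from the post above.
SAMPLE = [
    "<27>1  2021-02-12T16:22:09.012119-05:00 aerohive radsecproxy[16751]: "
    "tlsconnectnonblock failed",
    "<27>1  2021-02-12T16:22:09.007227-05:00 aerohive radsecproxy[16751]: "
    "tlsconnectnonblock: TLS: error:14094415:lib(20):func(148):reason(1045)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode_openssl_error(line))
```

Reason 1045 decodes to the `certificate_expired` alert sent by the remote end of the RadSec connection; RFC 5246 defines that alert as a certificate that has expired or is not currently valid, so certificate validity dates and the clocks on both ends are the values to compare.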


StephanH
Valued Contributor III

stit
New Contributor

Hi StephanH,

Thank you for the reply. I should have specified we are running an on-prem version of HiveManager NG so the communication should be all on our LAN.

StephanH
Valued Contributor III

Hello stit,

Did you check if the APs can reach the cloud servers via port 2083 TCP (RadSec)? Maybe something was changed in the firewall settings.

Regards Stephan