+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Wireless Networks Thread, Trapeze radius woes in Technical; Since we came inthis morning, clients are able to connect to our WEP and unsecured wifi SSIDs, however they are ...
  1. #1

    Join Date
    Nov 2008
    Posts
    137
    Thank Post
    6
    Thanked 3 Times in 2 Posts
    Rep Power
    12

    Trapeze radius woes

    Since we came inthis morning, clients are able to connect to our WEP and unsecured wifi SSIDs, however they are unable to connect to our Radius WIFI. The only change on the network over the weekend has been windows updates installation, and I've rolled them back but still nothing.

    I'm pointing my finger at Trapeze, however th contractor is pointing the finger at our network (usual IT story).

    Has anyone else had any issues, or can you recmmend anything.

    We don't seem to be getting any relevant enties in the certifcate server event logs, so I'm stumped.

  2. #2
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,405
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    Thank goodness for your unfortune (in the nicest possible way that phrase can ever be said).

    I've had a similar thing last week and I just thought it was something I'd done and been drastically trying to sort stuff out, but our RADIUS clients are going "Nope, not going to connect" yet the basic Wifi (for iPads etc) is working perfectly and I can join school laptops to it no worries.

    I was wondering whether to post, so now I'm kind of glad it's not just me (well, it might still be just me, but it's too similar to be a coincidence me thinks).

    I've so far tried reissuing a new RADIUS secret to all WAPs and such, but with no joys, so I've resorted to setting up a backup WiFi system which I've given staff details to access for the time being (though I'm going round laptops still, you know how it is).

    So if anyone has any further ideas, I'd be grateful to know too!

  3. #3
    gybe78's Avatar
    Join Date
    May 2008
    Location
    Aylesbury
    Posts
    142
    Thank Post
    25
    Thanked 30 Times in 20 Posts
    Rep Power
    18
    Quote Originally Posted by imunro01 View Post
    Since we came inthis morning, clients are able to connect to our WEP and unsecured wifi SSIDs, however they are unable to connect to our Radius WIFI. The only change on the network over the weekend has been windows updates installation, and I've rolled them back but still nothing.

    I'm pointing my finger at Trapeze, however th contractor is pointing the finger at our network (usual IT story).

    Has anyone else had any issues, or can you recmmend anything.

    We don't seem to be getting any relevant enties in the certifcate server event logs, so I'm stumped.
    Check the expiration date on the certificate you're using for RADIUS.

  4. #4

    Join Date
    Nov 2008
    Posts
    137
    Thank Post
    6
    Thanked 3 Times in 2 Posts
    Rep Power
    12
    Certificates snapin shows 2 sets of certs for the radius. One expires in 2014, and the other in 2017

  5. #5
    gybe78's Avatar
    Join Date
    May 2008
    Location
    Aylesbury
    Posts
    142
    Thank Post
    25
    Thanked 30 Times in 20 Posts
    Rep Power
    18
    Quote Originally Posted by imunro01 View Post
    Certificates snapin shows 2 sets of certs for the radius. One expires in 2014, and the other in 2017
    Make sure the Root CA certificate also hasn't expired. Are you using 2003 or 2008 RADIUS servers?

  6. #6
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,405
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    Quote Originally Posted by gybe78 View Post
    Make sure the Root CA certificate also hasn't expired. Are you using 2003 or 2008 RADIUS servers?
    I'm using 2008R2. I can see a few certificates have passed their expiration date, but they're WAY out, not just recently out (of course, this is probably something else I need to fix now .. but never mind).

    Some laptops seem to be coming back on stream for our WiFi after the reissue of the Radius Secret (just spotted a couple of staff I know haven't / won't have added the new settings, and sure enough they're connected to the Radius with no issues)

  7. #7

    Join Date
    Mar 2012
    Location
    Devon
    Posts
    233
    Thank Post
    0
    Thanked 17 Times in 16 Posts
    Rep Power
    12
    Just to add to this thread I experienced this too on my Trapeze network and it was the certificate that had expired on my RADIUS server.

    This Technet article details the fix I used.

  8. #8

    Join Date
    Mar 2008
    Location
    Kent
    Posts
    99
    Thank Post
    33
    Thanked 11 Times in 11 Posts
    Rep Power
    15
    Quote Originally Posted by Tall_Paul View Post
    Just to add to this thread I experienced this too on my Trapeze network and it was the certificate that had expired on my RADIUS server.

    This Technet article details the fix I used.
    Been having the same issue myself recently and suspected a certificate just couldn't find where it was! Will try this out this evening. Thanks!

  9. #9
    truebluesteve's Avatar
    Join Date
    Jan 2008
    Posts
    374
    Thank Post
    48
    Thanked 47 Times in 39 Posts
    Rep Power
    24
    We have a Trapeze system here (though not for much longer) and have had the problem a couple of times - this is the solution we used

    ----------------------------------------------------------------------------------

    On the Radius server, open the IAS logs using the IAS Log Viewer utility and identify when the problem first arose. This will help to identify which certificate is causing the issue.


    On the Radius server, create an MMC using the Certificates snap-in. (Note: use Certificates, not Certificate Templates or Certification Authority).
    Select snap-in to manage the Computer Account, for the local computer.
    Within the MMC, expand certificates (local computer), Personal, Certificates. A number of certificates will be shown.
    In the expiration date column, find the certificate that is due to expire 42 days after the issue first arose. If there isn't one, look for a certificate that is due to expire 84 days after the issue first arose.
    Once the offending certificate has been identified, scroll to the last column to identify the certificate template for the certificate.
    If the certificate template is Subordinate Certificate Authority, do the following:

    On the Radius server, open the Certification Authority MMC, usually found under administrative tools.
    Under Certification Authority (Local), select the certification authority, usually called something like CA1 Wireless Access.
    Right-click All Tasks, 'Renew CA certificate'. .
    Follow the wizard through; Certificate services will be stopped and restarted by the wizard and the Enterprise Root Certification Authority should be automatically populated with the name of the Forest Root server.
    Once complete and the services are restarted, return to the Certificates MMC created above and check that a new certificate has been issued.
    If the certificate template is IAS and Radius Server Authentication, do the following:

    Within the MMC created above, right-click the Certificates folder, select All Tasks, Request New Certificate, and click Next.

    In the list of Certificate Types, select RAS and IAS Server Authentication then Next.

    Leave the friendly name and description blank, click Next then Finish.

    OK the success message.

    A new Certificate with an expiry date two years from the current date will have been added to the certificate list. It is now necessary to change the RAS policy to use the new certificate.

    Review the event ID 2 warnings in the System Event Viewer on the Radius server; identify the policy or policies names. Typically there may be two remote access policies, one for staff and one for students.

    On the Radius server, open the Internet Authentication Service MMC, usually found in Administrative Tools.

    Open the Remote Access Policies node and locate the relevant policy.

    Open its Properties and select Edit Profile. On the Authentication tab, select EAP Methods.

    On the Select EAP Providers window, ensure that Smart Card or other certificate is selected and select Edit. A Smart Card or Other Certificate Properties window will open.
    In the 'Certificate issues to:' drop-down box there will be a number of entries that appear the same containing the FQDN of the Radius server. Each entry will relate to a different certificate on the Radius server. By selecting the different entries, the Issuer and expiration date are displayed.

    Locate the newly created certificate; this should have an expiration date of two years ahead and have something like CA1 Wireless Access as the issuer, not the college name.
    Select OK, OK, Apply, OK and OK to return to the IAS MMC.

    Repeat this process for any other affected remote access policies.

    The issue should now be resolved. Under certain circumstances it will be necessary to boot the wireless devices onto the wired network in order for them to obtain a new client certificate before they can authenticate wirelessly.

    ---------------------------------------------------------------

    Hope this helps

    Steve

  10. #10

    Join Date
    Nov 2008
    Posts
    137
    Thank Post
    6
    Thanked 3 Times in 2 Posts
    Rep Power
    12
    We're still no further forward with this, and after having the wireless people spend half a day on the problem, and getting no-where I received the following reply:-

    the Juniper/Trapeze MX wireless controller is in fact communicating effectively with your Network Policy Server and that basic user authentication is taking place.

    The issue with your system lies within your server farm and has manifested itself by preventing Network policy server from overruling the dial in settings on your active directory. It is also evident that the Certificate Services Web front end Is no longer running on any of your Domain Controller servers (this was set up on either DC1 or DC2 during the summer break when the school refurbishment was in progress).

    The authentication issues you are experiencing appear deep rooted in your system and will require major work on the Active Directory system and domain controllers as well as work on certificates and Network Policy Servers. This issue is not with the Trapeze / Juniper controller.
    At my wits end with it now so any input is helpful..

  11. #11

    Join Date
    Mar 2012
    Location
    Devon
    Posts
    233
    Thank Post
    0
    Thanked 17 Times in 16 Posts
    Rep Power
    12
    Quote Originally Posted by imunro01 View Post
    We're still no further forward with this, and after having the wireless people spend half a day on the problem, and getting no-where I received the following reply:-



    At my wits end with it now so any input is helpful..
    Who on earth has replied back to you with that? Unless you have made those significant changes they mention I would be going mad at a 'buck passing' unhelpful reply like that.

  12. #12

    Join Date
    Nov 2008
    Posts
    137
    Thank Post
    6
    Thanked 3 Times in 2 Posts
    Rep Power
    12
    We went home on the Friday with the WiFi working, and came in on the Monday to it no longer working. No changes have been made to AD during that time, and they sent over 6 hours trying to get it working.

    After installing a new NPS server, and setting up new certificate, they left site saying it should be working but just wasn't and they would set up a test lab. Their reply a week later is the one I posted,

  13. #13

    Join Date
    Mar 2012
    Location
    Devon
    Posts
    233
    Thank Post
    0
    Thanked 17 Times in 16 Posts
    Rep Power
    12
    It's not RM is it?

    Whoever it is need to be back and fixing it sharpish. You've been treated disgracefully.

  14. #14

    Join Date
    Nov 2008
    Posts
    137
    Thank Post
    6
    Thanked 3 Times in 2 Posts
    Rep Power
    12
    It's not RM, but it would be unprofessional to name the company. I really hoping you guys can give me some pointers.

  15. #15
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,405
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    ARGH .. I'm still struggling here .. I thought I'd got it sorted as a couple of laptops were connecting, but turns out not.. ARGH..

    So, I've set up a backup WiFi SSID with standard WPA2 (so I've been round putting the code in for everyone etc) but then this doesn't seem to like connecting all the time for different users, so a user has to log on who has logged on previously, which then activates the Wireless to connect and then they can log off and someone else can log on ..

    I'm having one of those "I really don't want to go into work" times at the moment just because of how stressful this is.. Need to get RADIUS back up and running, but hey, that's just not happening and I can't for the life of me see why it's not working!

    Does anyone know of any good how-to / step by step guides in case I'm missing something stupidly obvious?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. RADIUS and IAS
    By HodgeHi in forum Wireless Networks
    Replies: 98
    Last Post: 30th April 2009, 10:39 AM
  2. Exchange woes
    By steelrazor in forum How do you do....it?
    Replies: 5
    Last Post: 10th July 2006, 12:24 PM
  3. Sharepoint Woes
    By ICTNUT in forum Virtual Learning Platforms
    Replies: 5
    Last Post: 22nd May 2006, 02:39 PM
  4. ISA Server 2004 and RADIUS
    By spc-rocket in forum Wireless Networks
    Replies: 0
    Last Post: 11th December 2005, 12:48 PM
  5. Group Membership Woes (Need Help)
    By ICTNUT in forum Windows
    Replies: 11
    Last Post: 2nd December 2005, 03:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •