802.1x client cannot connect...NO clients can...on a single device

  • 1
  • Question
  • Updated 2 years ago
We have a strange issue with a new laptop....

We use 802.11x to authenticate users.... It's well in place and working just like it should everywhere... EXCEPT...this one laptop...

It doesn't matter what user/pass combination you try, nothing connects, all report back in monitor tool as "radius rejected"...  But, not enough details to tell why.

The laptop is using Intel 7265.  We cannot change this as it's not "our" laptop to change...

Not sure where else to look to see what it's complaining about for this single laptop.  Everything else we use works just fine.   It's also not limited to an area or an AP.  I ruled those out right away.

Anyone have any ideas?   Where can I look to see more of the radius rejection information?
In HMOL, other than the monitoring tool, not sure where else to look.   I reviewed the logs I could find, but nothing referenced RADIUS.

I looked at the logs on our M$ Windows server that is handling the Radius requests and I couldn't find anything in its logs....doesn't mean not there, just I couldn't find it...

If I can see something that tells me "why", then maybe I can adjust....
Photo of Bryan Tetlow

Bryan Tetlow

  • 78 Posts
  • 2 Reply Likes

Posted 2 years ago

  • 1
Photo of Steve Kellogg

Steve Kellogg

  • 87 Posts
  • 2 Reply Likes
I've seen others complaining about this issue - and not just on Aerohive APs.  Here's a link to a Lenovo forum thread.
Photo of Bryan Tetlow

Bryan Tetlow

  • 78 Posts
  • 2 Reply Likes
WOW!   And this just happens to be a Lenovo Laptop too....    (thanks!  We'll see how ugly it is now...)
Photo of Steve Kellogg

Steve Kellogg

  • 87 Posts
  • 2 Reply Likes
And I just ordered a T450 for my boss last week... I'll be sure to check what Nick suggests below!
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Bryan,

Can you confirm if you're using an 18 series Intel driver with this laptop? The driver supplied directly from Intel's website not the laptop manufacturer...

Nick
Photo of Bryan Tetlow

Bryan Tetlow

  • 78 Posts
  • 2 Reply Likes
At this time, I cannot.... This is an outside vendor system.... I will have to get the field support person to see if he can get that detail.

I do know this is reported as a brand new laptop...but that can be subjective as it could be just brand new to the person using it. :)
Photo of Bryan Tetlow

Bryan Tetlow

  • 78 Posts
  • 2 Reply Likes
Interesting....
so, my take-away is.... getting to 18.20.0.8 seems to solve the problems... I will bet a nickel, this laptop has stock original drivers...
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
The other thing to check is if Intel's own supplicant is installed and borking things. If it is, get rid of it.
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
^Nick Lowe. Agreed. 
Photo of Bill W.

Bill W.

  • 222 Posts
  • 35 Reply Likes
On your Windows server that you're using for RADIUS, launch the Event Viewer. Then go to Custom Views->Server Roles->Network Policy and Accounts.  This is where you can see the reason the RADIUS request is granted or denied by Windows.  If you do not have any events in here, you probably did not enable logging in NPS.  If you need to enable logging, go into Network Policy Server and go to Accounting.  Under Log File Properties, click the Change Log File Properties link.  From the window that pops-up, select what you want logged.  You should check at least Accounting requests and Authentication requests.