Unable to Create Manual PPSK Users "Because atleast one aerhive device is disconnected..." error

  • 1
  • Question
  • Updated 2 years ago
Our setup was working good for past 1 year until couple of days ago when suddenly my helpdesk team says they cannot create wifi accounts which uses Manual PPSK authentication. When trying to create a new account the HM gives error "Because at least one Aerohive device is currently disconnected, the user account for XYZ could not be activated at this time. Please try again later." I have cross checked the connectivity of all APs in this network policy and all of them are up and running - connected with HM appliance. I have also restarted and uploaded the latest config on all APs. Lastly, I have restarted HM appliance but still no luck. Is there any way I can fetch logs of why these user accounts are not getting created?

By the way, I have automatic PPSK also on same network policy and I have no issues configuring new accounts.

Environment:
AP121 X 12 units
HM version 6.4r2a
SSID uses Manual PPSK and Automatic PPSK for authentication.
Setup has been working for last 1 year.
Photo of Kool_Kid

Kool_Kid

  • 6 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
The first thing I would do is upgrade the AP121 access points to the 6.5r4 firmware as this includes a huge number of bug fixes.  This will require you to upgrade the HiveManager to 6.6r3a or later.

I have had issues activating manually created PPSKs when the access points are located in very rural areas and the CAPWAP connectivity may not be the best due to the latency.  To get around this issue I use the "Upload and activate employee, guest, and contractor credentials" option in the "Upload and Activate Configuration" area (Monitor -> Update... -> Advanced -> Upload and Activate Configuration).
(Edited)
Photo of Kool_Kid

Kool_Kid

  • 6 Posts
  • 0 Reply Likes
Thanks for the reply. I have updated the HM to 6.6r3a and APs to 6.5r4 and uploaded the config to activate employee, guest and contractor credentials but still the same error appears. I have noticed that the PPSK ID works (endpoints are able to connect to ssid) but in the interface it shows as "Not Activated".
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Have you enabled E-mail alerting for the CAPWAP tunnels? (Home -> Administration -> HiveManager Services ->  Email Service Settings -> Enable Email Notification).  This would report if you have a CAPWAP tunnel from the HiveManager to one or more access points that is coming up and down, which could be causing your issue.
Photo of Kool_Kid

Kool_Kid

  • 6 Posts
  • 0 Reply Likes
Yes, email notifications are enabled but I don't see any random capwap tunnel alerts, only alerts I see is when I rebooted all APs and Hive Manager. APs and HM are all in same LAN network so latency is perfect (RTR <1ms).
Photo of Kool_Kid

Kool_Kid

  • 6 Posts
  • 0 Reply Likes
I have managed to resolve the issue by removing the disconnected APs which uses PPSKs for authentication but belonging to other network profiles. So far the issue is not re-occurring I will monitor for some more time and report back if the issue resurfaces.

Thanks for the support.