Windows 2008 NPS Error 14 logs with Aerohive AP330

  • Question
  • Updated 1 year ago
Hi All,

We have an SSID which uses WPA Enterprise authentication through Windows 2008 NPS. All our configuration seems to be ok as clients are authenticating on the SSID.

However, we are seeing consecutive Error '14' logs in the Windows Server Event Viewer, which are being generated almost every second. The error reads:

A RADIUS message was received from RADIUS client X.X.X.X with an invalid authenticator. This is typically caused by mismatched shared secrets. Verify the configuration of the shared secret for the RADIUS client in the Network Policy Server snap-in and the configuration of the network access server.

We have checked and there is not any mismatch in keys as clients are able to join the network through successful authentication. I also tested on a single AP by manually changing the key after which no authentication took place.

The interesting bit is this. We are only seeing error logs from models AP330 and AP350 (we also have AP121 with 6.4r1 in our network but no error logs are generated from them). Another interesting bit is that AP330s & AP350s with HiveOS 6.5r5 are seen in the logs. I have one AP330 with 6.5r4 and one AP330 with 6.5r6 but both of them do not generate any logs.

I really want to see if there is a smaller fix than just upgrading the OS on all APs and running into some other issues. Also, 6.5r5 is a golden release which is more stable than possible future upgrades.

Any help would be great in this matter.

Thanks
Sajid

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes

Posted 1 year ago


Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Sajid,

The correct fix is to update to HiveOS 6.5r6 that is in the golden release branch.

This was an issue to do with the calculation of the request authenticator in RADIUS Accounting-Request packets when they were retransmitted.

Regards,

Nick
(Edited)
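
The following is an added example, not part of the thread and not Aerohive or Microsoft code: it computes the Accounting-Request authenticator as RFC 2866 defines it and shows a server-side check rejecting a retransmitted packet whose authenticator was not recomputed, even though the shared secret matches. The secret, session ID and the choice of Acct-Delay-Time as the changed attribute are constructed for illustration; the thread does not say which field HiveOS 6.5r5 handled incorrectly.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4                  # RADIUS code (RFC 2866)
SECRET = b"constructed-shared-secret"   # constructed sample value

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def acct_authenticator(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """MD5(Code | Identifier | Length | 16 zero octets | attributes | secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_accounting_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + acct_authenticator(ACCOUNTING_REQUEST, ident, attrs, secret) + attrs

def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """Server-side check; False corresponds to an 'invalid authenticator' event."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        return False
    expected = acct_authenticator(code, ident, packet[20:length], secret)
    return hmac.compare_digest(packet[4:20], expected)

def sample_attrs(delay_seconds: int) -> bytes:
    """Constructed attributes: Acct-Status-Type=Start, Acct-Session-Id, Acct-Delay-Time."""
    return (attr(40, struct.pack("!I", 1))
            + attr(44, b"constructed-session-01")
            + attr(41, struct.pack("!I", delay_seconds)))

def demo() -> dict:
    first = build_accounting_request(7, sample_attrs(0), SECRET)
    # Correct retransmission: attributes changed, so the authenticator is recomputed.
    good_retx = build_accounting_request(8, sample_attrs(5), SECRET)
    # Faulty retransmission: new attributes sent with the first packet's authenticator.
    stale_retx = first[:20] + sample_attrs(5)
    return {
        "first": verify_accounting_request(first, SECRET),
        "good_retransmit": verify_accounting_request(good_retx, SECRET),
        "stale_retransmit": verify_accounting_request(stale_retx, SECRET),
        "wrong_secret": verify_accounting_request(first, b"some-other-secret"),
    }

if __name__ == "__main__":
    print(demo())
```

The server sees the same MD5 mismatch for the stale retransmission as for a wrong secret, which is why the event text points at the shared secret even when it is configured correctly.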

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes
Hi Nick,

Thanks for your reply.

Before we proceed to update firmware on all the APs, HiveOS 6.5r6 is also part of the golden release and is also as stable as 6.5r5?

Thanks
Sajid

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes
Hi Nick,

Sorry another question.

The release notes for HiveOS 6.5r6 mention that

"Managed by: HiveManager 6.8r7a and later, and HiveManager NG 11.18 and later"

Our HiveManager is on Enterprise 6.8r5. Will it work with the upgraded APs or do we need to upgrade this firmware first?

Thanks
Sajid

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Sajid,

Please update HiveManager first.

Thanks,

Nick

j

  • 24 Posts
  • 7 Reply Likes
Since 6.5r6 is part of Aerohive's long-lived stable release branch, it should be as stable as 6.5r5. Please refer to the release notes.

6.8r7a adds support for HiveOS 6.5r6, so upgrading your HM is a must.
(Edited)

Bill W.

  • 222 Posts
  • 35 Reply Likes
If you cannot upgrade HM to 6.8r7a anytime soon, downgrade all your AP330s and AP350s to HiveOS 6.5r4. This will get rid of those errors in the Event Log. Then when you upgrade HM to 6.8r7a, upgrade all of your AP330s and AP350s (and AP121s) to HiveOS 6.5r6.

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes
Hi All,

Thanks for your support.

However, when I check for HiveManager updates from the internet it only shows till 6.8r7 and not 6.8r7a.

Will this be ok or do I download 6.8r7a from the support portal and update the firmware manually?

Also, a couple of questions:

1. How long does the update take?
2. During the update will the access points face any outage themselves in providing connectivity to the clients?

Thanks
Sajid

Bill W.

  • 222 Posts
  • 35 Reply Likes
Download 6.8r7a from the support portal.
1. The amount of time the update takes depends upon the size of your database and the hardware of your HM. If you have a large database, it will take hours. I usually start an upgrade late at night and then just check it the next morning.
2. They will not have any outage. It's just like if you reboot HM; the APs continue to do their thing until HM comes back online. You just won't be able to manage them. That's one of the advantages of Aerohive's solution over controller-based solutions.