Wireless Access

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

------------------------------
Carson Hulcher, ACEX#110
------------------------------

Original Message:
Sent: Feb 18, 2025 01:42 PM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Original Message:
Sent: Feb 18, 2025 06:42 AM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

------------------------------
Carson Hulcher, ACEX#110
------------------------------

Original Message:
Sent: Feb 18, 2025 04:14 PM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Original Message:
Sent: 2/18/2025 4:03:00 PM
From: chulcher
Subject: RE: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Feb 18, 2025 01:42 PM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Original Message:
Sent: Feb 18, 2025 06:42 AM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

Yeah checked all that. They are running with the default certificates and also works flawlessly for the first couple of days or weeks. Then it stops intercepting the DNS request. Then I have to reboot the AP's to get I going again

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

That is very much something that TAC needs to look at.

Yeah checked all that. They are running with the default certificates and also works flawlessly for the first couple of days or weeks. Then it stops intercepting the DNS request. Then I have to reboot the AP's to get I going again

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

I have created a ticket, but I doubt I'll be able to follow through as I'm never onsite and have a hard time working with support on tickets that is not 100% reproducible every time.

I will upgrade to 10.7.1.1 tonight to see if the Guest SSID connection fix in that firmware might solve the issue for us.

That is very much something that TAC needs to look at.

Yeah checked all that. They are running with the default certificates and also works flawlessly for the first couple of days or weeks. Then it stops intercepting the DNS request. Then I have to reboot the AP's to get I going again

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

Hi, I have guests complaining for the same issue but with email link verification. With sms OTP code everything looks fine.

Just tried to upgrade to 10.7.1.1 and issue still persists. Opened a case this morning, I will update topic here

I have created a ticket, but I doubt I'll be able to follow through as I'm never onsite and have a hard time working with support on tickets that is not 100% reproducible every time.

I will upgrade to 10.7.1.1 tonight to see if the Guest SSID connection fix in that firmware might solve the issue for us.

That is very much something that TAC needs to look at.

Yeah checked all that. They are running with the default certificates and also works flawlessly for the first couple of days or weeks. Then it stops intercepting the DNS request. Then I have to reboot the AP's to get I going again

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

I created a ticket also, and it turned out to be a port opening towards Central (TCP 2083) that was missing in our setup. That caused the AP's to be unable to reach cloud guest radius on TCP 2083 and meant DNS redirection became non functional after a while. 

Hi, I have guests complaining for the same issue but with email link verification. With sms OTP code everything looks fine.

Just tried to upgrade to 10.7.1.1 and issue still persists. Opened a case this morning, I will update topic here

I have created a ticket, but I doubt I'll be able to follow through as I'm never onsite and have a hard time working with support on tickets that is not 100% reproducible every time.

I will upgrade to 10.7.1.1 tonight to see if the Guest SSID connection fix in that firmware might solve the issue for us.

That is very much something that TAC needs to look at.

Yeah checked all that. They are running with the default certificates and also works flawlessly for the first couple of days or weeks. Then it stops intercepting the DNS request. Then I have to reboot the AP's to get I going again

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

Good to know, and now is working fine in your environment? Just checked but port TCP/2083 seems to be opened looking at my EdgeConnect logs for this morning

I created a ticket also, and it turned out to be a port opening towards Central (TCP 2083) that was missing in our setup. That caused the AP's to be unable to reach cloud guest radius on TCP 2083 and meant DNS redirection became non functional after a while. 

Hi, I have guests complaining for the same issue but with email link verification. With sms OTP code everything looks fine.

Just tried to upgrade to 10.7.1.1 and issue still persists. Opened a case this morning, I will update topic here

I have created a ticket, but I doubt I'll be able to follow through as I'm never onsite and have a hard time working with support on tickets that is not 100% reproducible every time.

I will upgrade to 10.7.1.1 tonight to see if the Guest SSID connection fix in that firmware might solve the issue for us.

That is very much something that TAC needs to look at.

Yeah checked all that. They are running with the default certificates and also works flawlessly for the first couple of days or weeks. Then it stops intercepting the DNS request. Then I have to reboot the AP's to get I going again

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

"show radius-servers", make sure that the Cloud Guest servers are showing RadSec enabled and port 2083 or 443.

Good to know, and now is working fine in your environment? Just checked but port TCP/2083 seems to be opened looking at my EdgeConnect logs for this morning

I created a ticket also, and it turned out to be a port opening towards Central (TCP 2083) that was missing in our setup. That caused the AP's to be unable to reach cloud guest radius on TCP 2083 and meant DNS redirection became non functional after a while. 

Hi, I have guests complaining for the same issue but with email link verification. With sms OTP code everything looks fine.

Just tried to upgrade to 10.7.1.1 and issue still persists. Opened a case this morning, I will update topic here

I have created a ticket, but I doubt I'll be able to follow through as I'm never onsite and have a hard time working with support on tickets that is not 100% reproducible every time.

I will upgrade to 10.7.1.1 tonight to see if the Guest SSID connection fix in that firmware might solve the issue for us.

That is very much something that TAC needs to look at.

Yeah checked all that. They are running with the default certificates and also works flawlessly for the first couple of days or weeks. Then it stops intercepting the DNS request. Then I have to reboot the AP's to get I going again

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

Hi Chulcher,

yes I checked from an AP and it seems fine:

Thanks

"show radius-servers", make sure that the Cloud Guest servers are showing RadSec enabled and port 2083 or 443.

Good to know, and now is working fine in your environment? Just checked but port TCP/2083 seems to be opened looking at my EdgeConnect logs for this morning

I created a ticket also, and it turned out to be a port opening towards Central (TCP 2083) that was missing in our setup. That caused the AP's to be unable to reach cloud guest radius on TCP 2083 and meant DNS redirection became non functional after a while. 

Hi, I have guests complaining for the same issue but with email link verification. With sms OTP code everything looks fine.

Just tried to upgrade to 10.7.1.1 and issue still persists. Opened a case this morning, I will update topic here

I have created a ticket, but I doubt I'll be able to follow through as I'm never onsite and have a hard time working with support on tickets that is not 100% reproducible every time.

I will upgrade to 10.7.1.1 tonight to see if the Guest SSID connection fix in that firmware might solve the issue for us.

That is very much something that TAC needs to look at.

Yeah checked all that. They are running with the default certificates and also works flawlessly for the first couple of days or weeks. Then it stops intercepting the DNS request. Then I have to reboot the AP's to get I going again

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

Just to double check, what about "show radius status"?

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Mar 31, 2025 11:32 AM
From: Gian911
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Hi Chulcher,

yes I checked from an AP and it seems fine:

Thanks

Original Message:
Sent: Mar 31, 2025 11:21 AM
From: chulcher
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

"show radius-servers", make sure that the Cloud Guest servers are showing RadSec enabled and port 2083 or 443.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Mar 31, 2025 07:16 AM
From: Gian911
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Good to know, and now is working fine in your environment? Just checked but port TCP/2083 seems to be opened looking at my EdgeConnect logs for this morning

Original Message:
Sent: Mar 31, 2025 06:57 AM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

I created a ticket also, and it turned out to be a port opening towards Central (TCP 2083) that was missing in our setup. That caused the AP's to be unable to reach cloud guest radius on TCP 2083 and meant DNS redirection became non functional after a while. 

Original Message:
Sent: Mar 31, 2025 06:07 AM
From: Gian911
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Hi, I have guests complaining for the same issue but with email link verification. With sms OTP code everything looks fine.

Just tried to upgrade to 10.7.1.1 and issue still persists. Opened a case this morning, I will update topic here

Original Message:
Sent: Mar 07, 2025 11:48 AM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

I have created a ticket, but I doubt I'll be able to follow through as I'm never onsite and have a hard time working with support on tickets that is not 100% reproducible every time.

I will upgrade to 10.7.1.1 tonight to see if the Guest SSID connection fix in that firmware might solve the issue for us.

Original Message:
Sent: Mar 07, 2025 11:40 AM
From: Carson Hulcher
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

That is very much something that TAC needs to look at.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Mar 07, 2025 10:10 AM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Yeah checked all that. They are running with the default certificates and also works flawlessly for the first couple of days or weeks. Then it stops intercepting the DNS request. Then I have to reboot the AP's to get I going again

Original Message:
Sent: Mar 07, 2025 09:29 AM
From: Willem Bargeman
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

------------------------------
Willem Bargeman
Systems Engineer Aruba
ACEX #125

Original Message:
Sent: Mar 07, 2025 06:33 AM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

Original Message:
Sent: Feb 18, 2025 04:27 PM
From: chulcher
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Feb 18, 2025 04:14 PM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Original Message:
Sent: 2/18/2025 4:03:00 PM
From: chulcher
Subject: RE: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Feb 18, 2025 01:42 PM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Original Message:
Sent: Feb 18, 2025 06:42 AM
From: Keyser
Subject: AOS10: Cloud Guest issue - securelogin.hpe.com not being resolved (captured/redirected?)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?

securelogin.hpe.com is being intercepted by the DNS engine on the AP. Some commands that can be useful

show captive-portal-domains
show cert all > search for "Current Web UI Server Certificate". This should be securelogin.hpe.com

Did you check the certificate usage settings in the AP group? Check the Captive portal certificate. 

Hmmm, the issues has just reappered on 10.7.0.1 today, so it seems it something that happens after a while on 10.7.x for us. 

Wondering if it could be tied to a specific AP model  or its a general issue.

I guess I have to open a ticket now.... :-(

That's what I was needing to hear, thank you.

Have you opened a case on this subject yet?

Is the authentication completing?  When the redirect fails, can the device browse to some other page that is manually specified?

Downgraded to 10.7.0.1 where it used to work, and that fixed the issue. So it seems there is a captive portal (Cloud Guest) flaw in 10.7.0.2 that does not completes the redirection for clients (and thus informs the guestdevice of its authentication succes) after the user has successfully entered the verification code (we use SMS verification required)

Hi all

Weird issue. Have a AOS 10 group (10.7.0.2) in Central that runs a Guest SSID with Cloud Guest captive portal. It has been working as expected when users register their phonenumber to recieve a verification code. It still does, but once the code is entered and we press Verify, we get a "unresolved error" and no redirection is done of the client to our company homepage.

The browser says its "securelogin.hpe.com" that is unresolvable. The guest login is actually completed and internet is available - the users are just confused as it seems to error out.

Seems like the APs are not catching the DNS request for securelogin. 

Any idea´s?