Wireless Access

 View Only

  • 1.  MacBook Not Able to Connect

    Posted Jan 13, 2023 03:16 PM

    Help Please!

    I renewed the InCommon (Comodo) SSL certificates on my NPS servers this morning. Since, ~50 MacBooks did not get the certificate validation popup to trust and accept the certificate. Those that did not get the popup are failing authentication and cannot get on any of my 802.1X networks. We have tried deleting all traces and even manually adding / trusting the certificates. The rest of the MacBooks (thousands) that did get the popup are able to trust, accept the certificate, and get on the .1X networks. The fail/no-fail crosses MacBooks with the same OS version (usually OS 12.6 Monterey) and same types of hardware. Has anybody seen this?

    Thanks,

    Brad

     



  • 2.  RE: MacBook Not Able to Connect

    Posted Jan 23, 2023 05:22 AM
    This is why you should use a private CA for your EAP certificate and use tooling (Group Policy, MDM, Onboard) to get your clients configured for 802.1X and server trust.

    If MAC clients manually trusted the server certificate, it's possible that when you change the server certificate that they won't connect.

    How do you provision your clients?

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: MacBook Not Able to Connect

    Posted Jan 23, 2023 09:01 AM
    Hello Brad, 
    We have seen this on Ventura, Big Sur, Catalina, and Mojave.  We found this only on MAC OS where the client could not connect to eduroam (WPA2 Enterprise) the fix we found is: 
    Normally when customers have issues we either forget the eduroam SSID or remove the (our cert) cert or both and a device will work. With Big Sur and Catalina those alone do not work. With Catalina you need to also remove the profile ISSI-eduroam. 
    This worked on some devices and this worked for others:
    UPDATE on the MACs. I had a customer with Ventura and the eduroam failed. Here are the steps that fixed this MAC running Ventura:
    • Go into system profiles and delete the eduroam profile
    • Machine may or may not prompted for machine password
    • Go to eduroam and type in user name and password
    Hope this helps.
    Bill



Related Content