Re: [WIRELESS-LAN] Issues with Windows 10
Tim, I verified the behavior you mentioned, on my iPhone running iOS 11. I found a co-worker who still has iOS 10, and that is where I was remembering that behavior from. I had no idea it had changed, so thank you for the heads up - we will need to update our documentation. -hf On Tue, Jul 31, 2018 at 7:59 PM Cappalli, Tim (Aruba Security) wrote: > “Not Trusted” is always shown on iOS if the supplicant is not configured. > It has nothing to do with public root trust. > > > > macOS has split EAP trust vs system trusted CAs when displaying the prompt. > > > > > > *From: *The EDUCAUSE Wireless Issues Constituent Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Hunter Fuller < > hf0...@uah.edu> > *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > *Date: *Tuesday, July 31, 2018 at 8:50 PM > *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > *Subject: *Re: [WIRELESS-LAN] Issues with Windows 10 > > > > Because Macs and iPhones allow you to manually verify the certificate > hash, which is easier and equally secure to a supplicant utility, so we > also support that avenue for configuration. However, if you don't have a > public-CA-signed certificate, they display the words "Not Trusted" in red > bold letters during the certificate verification process. > > On Tue, Jul 31, 2018 at 5:30 PM Cappalli, Tim (Aruba Security) < > t...@hpe.com> wrote: > > Just curious, for those running a supplicant configuration utility, why > are you using a public CA-signed EAP server certificate? > > > On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group > Listserv on behalf of Charles Rumford" on behalf of charl...@isc.upenn.edu> wrote: > > On 07/31/2018 04:18 PM, Michael Dickson wrote: > > Hi Charles, > > > > > > What do you mean by "we ended up configuring all of the intermediate > certs"? Do > > you mean you are now pushing all certs down to the client during the > JoinNow > > process? > > Yes. We ended up, just for Windows, pushing all of certs down to the > clients. It > was the only way we could get the profile to work. > > > > > > > We are also running EAP-TTLS/PAP with JoinNow with a cross-signed > double > > intermediate cert. I haven't heard of any issues yet but want to get > in front of > > any that might crop up.. > > > > > > Thanks, > > Mike > > > > Michael Dickson > > Network Engineer > > Information Technology > > University of Massachusetts Amherst > > 413-545-9639 <(413)%20545-9639> > > michael.dick...@umass.edu > > PGP: 0x16777D39 > > > > > > > > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv > > on behalf of Charles Rumford > > > > *Sent:* Tuesday, July 31, 2018 12:24 PM > > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > *Subject:* Re: [WIRELESS-LAN] Issues with Windows 10 > > > > On 07/30/2018 01:09 PM, Turner, Ryan H wrote: > >> From SecureW2: > >> > >> The issue is noticed when the RADIUS server cert is signed by > AddTrust External CA Root (Cross signed by USERTrust RSA Certification > Authority) and with the recent windows 10 update. We are looking into this > and should be able to provide you an update. > >> > > > > We ended up configuring all of the intermediate certs, and it solved > the problem. > > > > > > -- > > Charles Rumford > > Senior Network Engineer > > ISC Tech Services > > University of Pennsylvania > > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > > > > > ** > > Participation and subscription information for this EDUCAUSE > Constituent Group > > discussion list can be found at http://www.educause.edu/discuss. > > > > ** Participation and subscription information for this > EDUCAUSE > > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > > > > > -- > Charles Rumford > Senior Network Engineer > ISC Tech Services > University of Pennsylvania > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > ** > Participation
Re: [WIRELESS-LAN] Issues with Windows 10
“Not Trusted” is always shown on iOS if the supplicant is not configured. It has nothing to do with public root trust. macOS has split EAP trust vs system trusted CAs when displaying the prompt. From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Hunter Fuller Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv Date: Tuesday, July 31, 2018 at 8:50 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] Issues with Windows 10 Because Macs and iPhones allow you to manually verify the certificate hash, which is easier and equally secure to a supplicant utility, so we also support that avenue for configuration. However, if you don't have a public-CA-signed certificate, they display the words "Not Trusted" in red bold letters during the certificate verification process. On Tue, Jul 31, 2018 at 5:30 PM Cappalli, Tim (Aruba Security) mailto:t...@hpe.com>> wrote: Just curious, for those running a supplicant configuration utility, why are you using a public CA-signed EAP server certificate? On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Charles Rumford" mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of charl...@isc.upenn.edu<mailto:charl...@isc.upenn.edu>> wrote: On 07/31/2018 04:18 PM, Michael Dickson wrote: > Hi Charles, > > > What do you mean by "we ended up configuring all of the intermediate certs"? Do > you mean you are now pushing all certs down to the client during the JoinNow > process? Yes. We ended up, just for Windows, pushing all of certs down to the clients. It was the only way we could get the profile to work. > > > We are also running EAP-TTLS/PAP with JoinNow with a cross-signed double > intermediate cert. I haven't heard of any issues yet but want to get in front of > any that might crop up.. > > > Thanks, > Mike > > Michael Dickson > Network Engineer > Information Technology > University of Massachusetts Amherst > 413-545-9639 > michael.dick...@umass.edu<mailto:michael.dick...@umass.edu> > PGP: 0x16777D39 > > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv > mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Charles Rumford > mailto:charl...@isc.upenn.edu>> > *Sent:* Tuesday, July 31, 2018 12:24 PM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > *Subject:* Re: [WIRELESS-LAN] Issues with Windows 10 > > On 07/30/2018 01:09 PM, Turner, Ryan H wrote: >> From SecureW2: >> >> The issue is noticed when the RADIUS server cert is signed by AddTrust External CA Root (Cross signed by USERTrust RSA Certification Authority) and with the recent windows 10 update. We are looking into this and should be able to provide you an update. >> > > We ended up configuring all of the intermediate certs, and it solved the problem. > > > -- > Charles Rumford > Senior Network Engineer > ISC Tech Services > University of Pennsylvania > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > > ** > Participation and subscription information for this EDUCAUSE Constituent Group > discussion list can be found at http://www.educause.edu/discuss. > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/discuss. > -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. -- -- Hunter Fuller Network Engineer VBH Annex B-5 +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Issues with Windows 10
Because Macs and iPhones allow you to manually verify the certificate hash, which is easier and equally secure to a supplicant utility, so we also support that avenue for configuration. However, if you don't have a public-CA-signed certificate, they display the words "Not Trusted" in red bold letters during the certificate verification process. On Tue, Jul 31, 2018 at 5:30 PM Cappalli, Tim (Aruba Security) wrote: > Just curious, for those running a supplicant configuration utility, why > are you using a public CA-signed EAP server certificate? > > > On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group > Listserv on behalf of Charles Rumford" on behalf of charl...@isc.upenn.edu> wrote: > > On 07/31/2018 04:18 PM, Michael Dickson wrote: > > Hi Charles, > > > > > > What do you mean by "we ended up configuring all of the intermediate > certs"? Do > > you mean you are now pushing all certs down to the client during the > JoinNow > > process? > > Yes. We ended up, just for Windows, pushing all of certs down to the > clients. It > was the only way we could get the profile to work. > > > > > > > We are also running EAP-TTLS/PAP with JoinNow with a cross-signed > double > > intermediate cert. I haven't heard of any issues yet but want to get > in front of > > any that might crop up.. > > > > > > Thanks, > > Mike > > > > Michael Dickson > > Network Engineer > > Information Technology > > University of Massachusetts Amherst > > 413-545-9639 <(413)%20545-9639> > > michael.dick...@umass.edu > > PGP: 0x16777D39 > > > > > > > > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv > > on behalf of Charles Rumford > > > > *Sent:* Tuesday, July 31, 2018 12:24 PM > > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > *Subject:* Re: [WIRELESS-LAN] Issues with Windows 10 > > > > On 07/30/2018 01:09 PM, Turner, Ryan H wrote: > >> From SecureW2: > >> > >> The issue is noticed when the RADIUS server cert is signed by > AddTrust External CA Root (Cross signed by USERTrust RSA Certification > Authority) and with the recent windows 10 update. We are looking into this > and should be able to provide you an update. > >> > > > > We ended up configuring all of the intermediate certs, and it solved > the problem. > > > > > > -- > > Charles Rumford > > Senior Network Engineer > > ISC Tech Services > > University of Pennsylvania > > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > > > > > ** > > Participation and subscription information for this EDUCAUSE > Constituent Group > > discussion list can be found at http://www.educause.edu/discuss. > > > > ** Participation and subscription information for this > EDUCAUSE > > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > > > > > -- > Charles Rumford > Senior Network Engineer > ISC Tech Services > University of Pennsylvania > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > > > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > > -- -- Hunter Fuller Network Engineer VBH Annex B-5 +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Issues with Windows 10
We didn't know that the mechanism to validate a certificate wasn't really that strict and thought it was a good idea. If we had to do it over, it would totally be a self signed cert with a long expiration date. Also we had never dealt with intermediates and changing roots due to expiration for the first several years. Thanks, Joseph B. Sent from my iPhone > On Jul 31, 2018, at 6:30 PM, Cappalli, Tim (Aruba Security) > wrote: > > Just curious, for those running a supplicant configuration utility, why are > you using a public CA-signed EAP server certificate? > > > On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group > Listserv on behalf of Charles Rumford" behalf of charl...@isc.upenn.edu> wrote: > >>On 07/31/2018 04:18 PM, Michael Dickson wrote: >> Hi Charles, >> >> >> What do you mean by "we ended up configuring all of the intermediate certs"? >> Do >> you mean you are now pushing all certs down to the client during the JoinNow >> process? > >Yes. We ended up, just for Windows, pushing all of certs down to the > clients. It >was the only way we could get the profile to work. > >> >> >> We are also running EAP-TTLS/PAP with JoinNow with a cross-signed double >> intermediate cert. I haven't heard of any issues yet but want to get in >> front of >> any that might crop up.. >> >> >> Thanks, >> Mike >> >> Michael Dickson >> Network Engineer >> Information Technology >> University of Massachusetts Amherst >> 413-545-9639 >> michael.dick...@umass.edu >> PGP: 0x16777D39 >> >> >> >> ------------ >> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv >> on behalf of Charles Rumford >> >> *Sent:* Tuesday, July 31, 2018 12:24 PM >> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> *Subject:* Re: [WIRELESS-LAN] Issues with Windows 10 >> >>> On 07/30/2018 01:09 PM, Turner, Ryan H wrote: >>> From SecureW2: >>> >>> The issue is noticed when the RADIUS server cert is signed by AddTrust >>> External CA Root (Cross signed by USERTrust RSA Certification Authority) >>> and with the recent windows 10 update. We are looking into this and should >>> be able to provide you an update. >>> >> >> We ended up configuring all of the intermediate certs, and it solved the >> problem. >> >> >> -- >> Charles Rumford >> Senior Network Engineer >> ISC Tech Services >> University of Pennsylvania >> OpenPGP Key ID: 0x173F5F3A (2018/07/05) >> >> >> ** >> Participation and subscription information for this EDUCAUSE Constituent >> Group >> discussion list can be found at http://www.educause.edu/discuss. >> >> ** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/discuss. >> > > >-- >Charles Rumford >Senior Network Engineer >ISC Tech Services >University of Pennsylvania >OpenPGP Key ID: 0x173F5F3A (2018/07/05) > >** >Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > > > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Issues with Windows 10
Just curious, for those running a supplicant configuration utility, why are you using a public CA-signed EAP server certificate? On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Charles Rumford" wrote: On 07/31/2018 04:18 PM, Michael Dickson wrote: > Hi Charles, > > > What do you mean by "we ended up configuring all of the intermediate certs"? Do > you mean you are now pushing all certs down to the client during the JoinNow > process? Yes. We ended up, just for Windows, pushing all of certs down to the clients. It was the only way we could get the profile to work. > > > We are also running EAP-TTLS/PAP with JoinNow with a cross-signed double > intermediate cert. I haven't heard of any issues yet but want to get in front of > any that might crop up.. > > > Thanks, > Mike > > Michael Dickson > Network Engineer > Information Technology > University of Massachusetts Amherst > 413-545-9639 > michael.dick...@umass.edu > PGP: 0x16777D39 > > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv > on behalf of Charles Rumford > > *Sent:* Tuesday, July 31, 2018 12:24 PM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] Issues with Windows 10 > > On 07/30/2018 01:09 PM, Turner, Ryan H wrote: >> From SecureW2: >> >> The issue is noticed when the RADIUS server cert is signed by AddTrust External CA Root (Cross signed by USERTrust RSA Certification Authority) and with the recent windows 10 update. We are looking into this and should be able to provide you an update. >> > > We ended up configuring all of the intermediate certs, and it solved the problem. > > > -- > Charles Rumford > Senior Network Engineer > ISC Tech Services > University of Pennsylvania > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > > ** > Participation and subscription information for this EDUCAUSE Constituent Group > discussion list can be found at http://www.educause.edu/discuss. > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/discuss. > -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Issues with Windows 10
On 07/31/2018 04:18 PM, Michael Dickson wrote: > Hi Charles, > > > What do you mean by "we ended up configuring all of the intermediate certs"? > Do > you mean you are now pushing all certs down to the client during the JoinNow > process? Yes. We ended up, just for Windows, pushing all of certs down to the clients. It was the only way we could get the profile to work. > > > We are also running EAP-TTLS/PAP with JoinNow with a cross-signed double > intermediate cert. I haven't heard of any issues yet but want to get in front > of > any that might crop up.. > > > Thanks, > Mike > > Michael Dickson > Network Engineer > Information Technology > University of Massachusetts Amherst > 413-545-9639 > michael.dick...@umass.edu > PGP: 0x16777D39 > > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv > on behalf of Charles Rumford > > *Sent:* Tuesday, July 31, 2018 12:24 PM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] Issues with Windows 10 > > On 07/30/2018 01:09 PM, Turner, Ryan H wrote: >> From SecureW2: >> >> The issue is noticed when the RADIUS server cert is signed by AddTrust >> External CA Root (Cross signed by USERTrust RSA Certification Authority) and >> with the recent windows 10 update. We are looking into this and should be >> able to provide you an update. >> > > We ended up configuring all of the intermediate certs, and it solved the > problem. > > > -- > Charles Rumford > Senior Network Engineer > ISC Tech Services > University of Pennsylvania > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > > ** > Participation and subscription information for this EDUCAUSE Constituent Group > discussion list can be found at http://www.educause.edu/discuss. > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Issues with Windows 10
Hi Charles, What do you mean by "we ended up configuring all of the intermediate certs"? Do you mean you are now pushing all certs down to the client during the JoinNow process? We are also running EAP-TTLS/PAP with JoinNow with a cross-signed double intermediate cert. I haven't heard of any issues yet but want to get in front of any that might crop up.. Thanks, Mike Michael Dickson Network Engineer Information Technology University of Massachusetts Amherst 413-545-9639 michael.dick...@umass.edu<mailto:michael.dick...@umass.edu> PGP: 0x16777D39 From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Charles Rumford Sent: Tuesday, July 31, 2018 12:24 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Issues with Windows 10 On 07/30/2018 01:09 PM, Turner, Ryan H wrote: > From SecureW2: > > The issue is noticed when the RADIUS server cert is signed by AddTrust > External CA Root (Cross signed by USERTrust RSA Certification Authority) and > with the recent windows 10 update. We are looking into this and should be > able to provide you an update. > We ended up configuring all of the intermediate certs, and it solved the problem. -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Issues with Windows 10
On 07/30/2018 01:09 PM, Turner, Ryan H wrote: > From SecureW2: > > The issue is noticed when the RADIUS server cert is signed by AddTrust > External CA Root (Cross signed by USERTrust RSA Certification Authority) and > with the recent windows 10 update. We are looking into this and should be > able to provide you an update. > We ended up configuring all of the intermediate certs, and it solved the problem. -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. signature.asc Description: OpenPGP digital signature
Re: [WIRELESS-LAN] Issues with Windows 10
From SecureW2: The issue is noticed when the RADIUS server cert is signed by AddTrust External CA Root (Cross signed by USERTrust RSA Certification Authority) and with the recent windows 10 update. We are looking into this and should be able to provide you an update. Ryan Turner Senior Manager of Networking, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office > On Jul 30, 2018, at 11:31 AM, Enfield, Chuck wrote: > > We had a cert issue a few years back. Our intermediate cert authority got a > root cert of their own and it started getting deployed with major operating > systems. Devices that had the new root cert wouldn't use the old root cert, > so server validation failed. I don’t see how reinstalling the wireless > driver would correct that problem, so I'm not saying you have the same issue. > It's just something to check for. > > Chuck > > -Original Message- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > On Behalf Of Charles Rumford > Sent: Monday, July 30, 2018 11:25 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Issues with Windows 10 > >> On 07/30/2018 11:22 AM, Turner, Ryan H wrote: >> We aren't running your method, but we also haven't heard of any mass >> scale issues (doesn't mean there isn't). What did SecureW2 say? > > > They are telling us that it's an issue with our cert stack, which I'm having > a hard time believing. > > We have a call with them this afternoon to try and figure it out before we > deploy in the morning. > > > -- > Charles Rumford > Senior Network Engineer > ISC Tech Services > University of Pennsylvania > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
RE: [WIRELESS-LAN] Issues with Windows 10
We had a cert issue a few years back. Our intermediate cert authority got a root cert of their own and it started getting deployed with major operating systems. Devices that had the new root cert wouldn't use the old root cert, so server validation failed. I don’t see how reinstalling the wireless driver would correct that problem, so I'm not saying you have the same issue. It's just something to check for. Chuck -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv On Behalf Of Charles Rumford Sent: Monday, July 30, 2018 11:25 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Issues with Windows 10 On 07/30/2018 11:22 AM, Turner, Ryan H wrote: > We aren't running your method, but we also haven't heard of any mass > scale issues (doesn't mean there isn't). What did SecureW2 say? They are telling us that it's an issue with our cert stack, which I'm having a hard time believing. We have a call with them this afternoon to try and figure it out before we deploy in the morning. -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Issues with Windows 10
On 07/30/2018 11:22 AM, Turner, Ryan H wrote: > We aren't running your method, but we also haven't heard of any mass scale > issues (doesn't mean there isn't). What did SecureW2 say? They are telling us that it's an issue with our cert stack, which I'm having a hard time believing. We have a call with them this afternoon to try and figure it out before we deploy in the morning. -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. signature.asc Description: OpenPGP digital signature
RE: [WIRELESS-LAN] Issues with Windows 10
We aren't running your method, but we also haven't heard of any mass scale issues (doesn't mean there isn't). What did SecureW2 say? Ryan Turner Senior Manager, Networking The University of North Carolina at Chapel Hill +1 919 445 0113 Office +1 919 274 7926 Mobile r...@unc.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv On Behalf Of Charles Rumford Sent: Monday, July 30, 2018 10:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Issues with Windows 10 Good morning everyone - We here at Penn have recently come across a strange issue with Windows 10 and our new JoinNow installation. The run down goes like this: 1) Connect to onboarding SSID 2) Run JoinNow 3) Authentication Loop on Windows 10 Doing some research into it, there are a couple of things we noticed: a) If we turn off server validation, the Windows 10 device connects fine. b) looking at a packet trace, the device just stops responding to the RADIUS server after the server cert has been pasted to the client. c) we have to re-install the wireless driver on the device to be able to get the device working again. d) Our old CloudPath installation appears to be resulting in the same thing. We are running EAP-TTLS/EAP-PAP here. I was curious if anyone else was seeing issues with Windows 10 devices following the latest patching from Microsoft. -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Issues with Windows 10
Good morning everyone - We here at Penn have recently come across a strange issue with Windows 10 and our new JoinNow installation. The run down goes like this: 1) Connect to onboarding SSID 2) Run JoinNow 3) Authentication Loop on Windows 10 Doing some research into it, there are a couple of things we noticed: a) If we turn off server validation, the Windows 10 device connects fine. b) looking at a packet trace, the device just stops responding to the RADIUS server after the server cert has been pasted to the client. c) we have to re-install the wireless driver on the device to be able to get the device working again. d) Our old CloudPath installation appears to be resulting in the same thing. We are running EAP-TTLS/EAP-PAP here. I was curious if anyone else was seeing issues with Windows 10 devices following the latest patching from Microsoft. -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
