client connection issues

zfrangi
Conversationalist

client connection issues

Im having an issue with a windows laptop connecting to our wifi.   Radius server shows the following....


  Reason Code:     265
  Reason:       The certificate chain was issued by an authority that is not trusted

 

We went ahead and updated that laptop to w10 1909 thinking that may be the issue and then it appeared to connect just fine (no errors in the nps server log) but heres where it gets weird.  The machine connects...gets an ip. I can ping it fine and im able to ping out on our lan from that laptop. Its not able to browse the internet at all. I even tried two different browsers.  

Im at a loss here...clearly something is going on however other clients appear to be fine.

6 REPLIES 6
ww
Kind of a big deal
Kind of a big deal

What dns server is the client using?

Can the client ping 8.8.8.8 ?

Can it browse to: https://1.1.1.1/  ?

 

BlakeRichardson
Kind of a big deal

Agree it sounds like a DNS or IP settings issue. 

 

If you open command prompt and run the ipconfig command do you get an IP address that matches what you are expecting? 

 

Does your DHCP range have a large enough allocation?

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
zfrangi
Conversationalist

Machine has a valid ip and I can ping 8.8.8.8

 

When I browse to https://1.1.1.1 i get an error message that the connection is not secure. It says it uses an unsupported protocol. It definitely seems like this may be an internal dns issue?  

 

I just tried another device on this ap and im seeing the same issue. When I connect to another ap down the hall it works fine. So something is weird with this a/p.

zfrangi
Conversationalist

Im scheduling a firmware update on all of the access points tonight in the hopes that it fixes this...fingers crossed.

PhilipDAth
Kind of a big deal

This means the machine is authenticating to WiFi using a certificate, and that certificate is not trusted by the RADIUS server.

 

It has nothing to do with DNS servers, AP firmware versions, etc.

 

If you don't want to do certificate authentication then de-select it on the RADIUS server as a valid authentication option.  If you do want to use certificate authentication then fix the certificate on the client machine.

So it looks like the firmware update didnt do anything.  In speaking with meraki support it seems to be an internal dns issue. Whats weird is that other devices on that same a/p using the same dns server work fine.  

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.