Meraki

Community

client connection issues

zfrangi
Conversationalist
‎Jan 21 2021 10:55 AM
‎Jan 21 2021 10:55 AM

client connection issues

Im having an issue with a windows laptop connecting to our wifi.   Radius server shows the following....


  Reason Code:     265
  Reason:       The certificate chain was issued by an authority that is not trusted

 

We went ahead and updated that laptop to w10 1909 thinking that may be the issue and then it appeared to connect just fine (no errors in the nps server log) but heres where it gets weird.  The machine connects...gets an ip. I can ping it fine and im able to ping out on our lan from that laptop. Its not able to browse the internet at all. I even tried two different browsers.  

Im at a loss here...clearly something is going on however other clients appear to be fine.

0 Kudos
6 Replies 6
ww
Kind of a big deal
Kind of a big deal
‎Jan 21 2021 11:34 AM
‎Jan 21 2021 11:34 AM

What dns server is the client using?

Can the client ping 8.8.8.8 ?

Can it browse to: https://1.1.1.1/  ?

 

In response to ww
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jan 21 2021 11:40 AM
‎Jan 21 2021 11:40 AM

Agree it sounds like a DNS or IP settings issue. 

 

If you open command prompt and run the ipconfig command do you get an IP address that matches what you are expecting? 

 

Does your DHCP range have a large enough allocation?

In response to ww
zfrangi
Conversationalist
‎Jan 21 2021 12:45 PM
‎Jan 21 2021 12:45 PM

Machine has a valid ip and I can ping 8.8.8.8

 

When I browse to https://1.1.1.1 i get an error message that the connection is not secure. It says it uses an unsupported protocol. It definitely seems like this may be an internal dns issue?  

 

I just tried another device on this ap and im seeing the same issue. When I connect to another ap down the hall it works fine. So something is weird with this a/p.

0 Kudos
In response to zfrangi
zfrangi
Conversationalist
‎Jan 21 2021 12:48 PM
‎Jan 21 2021 12:48 PM

Im scheduling a firmware update on all of the access points tonight in the hopes that it fixes this...fingers crossed.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 21 2021 2:29 PM
‎Jan 21 2021 2:29 PM

This means the machine is authenticating to WiFi using a certificate, and that certificate is not trusted by the RADIUS server.

 

It has nothing to do with DNS servers, AP firmware versions, etc.

 

If you don't want to do certificate authentication then de-select it on the RADIUS server as a valid authentication option.  If you do want to use certificate authentication then fix the certificate on the client machine.

0 Kudos
In response to PhilipDAth
zfrangi
Conversationalist
‎Jan 22 2021 12:35 PM
‎Jan 22 2021 12:35 PM

So it looks like the firmware update didnt do anything.  In speaking with meraki support it seems to be an internal dns issue. Whats weird is that other devices on that same a/p using the same dns server work fine.  

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.