Help! 802.1x with PEAP authentication stopped working after 4.1-r3 upgrade

Three days ago I upgraded our On-premises cnMaestro to Version 2.4.1-r10 and E500, E410 and E600 to 4.1-r3. I started to have wireless connection issues on our Windows 7 laptops. Our corporate wireless network is using WPA2 Enterprise with 802.1x MS-PEAP and I use group policy to push it out to all domain member stations.

After the upgrade, no complaints from Windows 10. But the few Win7 laptops now put a red X on the SSID configured with WPA2 Enterprise. They connect fine to WPA2 Personal and other types of wireless networks offered by the same access points, though.

Does anyone have a fix on the Win7 side? I can’t rebuild the wireless profile on the win7 clients because it’s provisioned through group policy. I don’t want to roll back the firmware unless I absolutely must. From what I can tell, the clients probably don’t even attempt much because I have not found traces of connection requests or authentication failures in the radius server logs, i.e., Windows 2012 with NPS.

Any insight is welcome and much appreciated!

Daniel

You can delete the profile from the windows 7 client and add it again and try.

Regards
Anand

What was the previous firmware version we were using? Can we open up support ticket with Cambium to trouble shoo the issue? You can share us techsupport along the clients MAC to look into it.

Sorry for checking my post. I didn’t get notifications for some reason.
I already opened a ticket with Cambium support.
Basically, all my Win7 laptops are having the same issues so it’s not a corrupt profile issue. Besides, the 802.1x PEAP profile is implemented through Group Policy. You cannot manipulate it on the computers.

Fortunately, most of these win7 laptops are not used by critical personnel. And they do have docking stations.

Will report that once the issue is fixed. Thanks!

I fixed the issue by downgrading the firm back to 3.11.3-r7. Note that all versions I tried that are newer than this one will not work for WPA2 Enterprise w/802.11x MS-PEAP on Windows 7.

In fact, Cambium support told me, if you are not using IPv6, don’t upgrade to 4.x because it’s not proven stable for IPv4. If you don’t plan to include IPv6, stay in 3.x

1 Like

Just had the same thing with a Windows 10 laptop after upgrading e410 to 4.1.1-r5

Freeradius server showed authentication taking place, but client would not connect “could not connect to this network”

Doing pcap on the AP showed lots of “Null Supervisory, Receiver not Ready” messages from the laptop MAC address.

Rolled back to 3.11.4.1-r3 and client connected straight away.

Hi Khalil,
Can you please disable PMF in 4.1.1 firmware and try connecting the windows client and check whether it works or not.
If the client still fails to connect , can you please share the techsupport with us. You can click on my name and select message to respond individually

Regards
Anand

Hi @Anandakrishnan

Disabling PMF in 4.1.1-r5 seems to work. It was set to “optional” under 3.11 but didn’t cause an issue. Would be nice to use it if clients can support it as opposed to just disabling it globally.

Thanks for your help.

Hi Khalil,
We understand the importance of this feature. This issue will be fixed in the upcoming release. Will keep you posted.

Regards
Anand

1 Like

Seems to be the same on 4.2-r15, so have disabled PMF again and Windows client connects OK.