McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 16

↗ View in doc context
page
16
source
cucm/v15/troubleshoot-common-issues/troubleshoot-common-issues.md
chunk_id
cucm::v15::troubleshoot-common-issues::troubleshoot-common-issues::15

Phone status messages shows "802.1x Authentication: Failed" 1. Inspect phone logs of affected server and find "SSL_ERROR_WANT_READ" 2. 4592 NOT Feb 17 11:01:25.041733 (349-349) PAE: -Secure Connection Handshake in progress - status SSL_ERR 4593 NOT Feb 17 11:01:25.041826 (349-349) PAE: -EV_REQUEST_REC, ST_AUTHENTICATING->ST_AUTHENTICATING ++ EAP-Failure 4594 NOT Feb 17 11:01:25.041898 (349-349) PAE: -send EAP-Resp/TLS - id 9 4595 NOT Feb 17 11:01:25.042032 (349-349) PAE: -authWhile timer set: 30 sec 4596 NOT Feb 17 11:01:27.061822 (349-349) PAE: -[0001-0] 08-cc-a7-1c-bb-ae vid=0xfff=4095 static=0 pri=0 4597 NOT Feb 17 11:01:27.061950 (349-349) PAE: -port=0 4598 NOT Feb 17 11:01:27.062009 (349-349) PAE: -cprCdpGetPort address: 8:CC:A7:1C:BB:AE Phyport=0 app 4599 NOT Feb 17 11:01:27.062068 (349-349) PAE: - >>>>>>>>>>>>> port obtained = 0 for mac macAddress 08:c 4600 NOT Feb 17 11:01:27.062134 (349-349) PAE: -rcvd EAP-Failure 4601 NOT Feb 17 11:01:27.062189 (349-349) PAE: -EV_FAILURE, ST_AUTHENTICATING->ST_HELD 4602 WRN Feb 17 11:01:27.062462 (349-349) PAE: -802.1X auth FAILED 4603 NOT Feb 17 11:01:27.062550 (349-349) PAE: -paeInfoToInetd: PAE info sent to NETSD 4604 NOT Feb 17 11:01:27.062717 (1786-1880) JAVA-Calling handleNetSDEvent 4605 WRN Feb 17 11:01:27.062953 (1786-1880) JAVA-Thread-11|cip.sec.Security:? - Security: Received a pro 4606 DEB Feb 17 11:01:27.063039 (1786-1880) JAVA-openQue(): que->/tmp/pae_msg_que, key->0x101019ab 4607 DEB Feb 17 11:01:27.063069 (1786-1880) JAVA-openQue(): que->/tmp/pae_rsp_que, key->0x10101c4c 4608 DEB Feb 17 11:01:27.063091 (1786-1880) JAVA-getpaeinfo: send pae info message paeCmd.mtype=1880, pa 4609 DEB Feb 17 11:01:27.063121 (1786-1880) JAVA-getpaeinfo: recv pae info resp ret=-1, errno=No message 4610 NOT Feb 17 11:01:27.063306 (349-349) PAE: -paeInfoToInetd: Netsd event NETSD_EV_PAE sent to NETSD 4611 NOT Feb 17 11:01:27.063370 (349-349) PAE: - PAE RE-AUTH, not sending SEC_DOWN Netsd event for CDP 4612 NOT Feb 17 11:01:27.063423 (349-349) PAE: -paeSetLastSupStatus: LastSupStatus 0 4613 NOT Feb 17 11:01:27.063475 (349-349) PAE: -heldWhile timer set: 60 sec 4614 NOT Feb 17 11:01:27.064074 (349-349) PAE: -paeNetsdRcvMsg(349): PAE event: status: FAIL : Resource Solution Download the CAPF certificate from CUCM publisher and upload to the authentication server, bypass 802.1x to allow registration and install LSC certificate on affected phones. Scenario 4.2: Phones not register with CUCM that uses security profile on TLS mode. Phones show "Phone is registering" after regenerate CAPF certificate on CUCM publisher.