Unable to Log in to 802.1x WIFI EAP-TLS

Leon Callsen
Taneri Consulting GmbH (TCG Global)

Hi Everyone,
I successfully did the implementation of my CA into MobiControl. (AD CS DCOM)
I created the needed templates for my devices.
My devices are not logging in to my 802.1x EAP-TLS SSID; it is only "saved" under wifi configuration.
I am testing with Samsung and Zebra devices on Android 11/13. 

As I checked the certificates on the devices, on the Zebra device the CA root certificate is not selectable as CA certificate. On the Samsung device it is selectable.
Both devices are not logging in.
Can someone tell me what "Identity" does?
The Android devices want to have an identity or I am not able to connect to the WIFI.

Maybe I have a misconfiguration on my Windows NPS server? 
I can't see any logs there. 

a year ago
Android
ANSWERS
Matt Dermody Diamond Contributor
a year ago
Leon Callsen
a year ago

Hi Matt, 

thanks for your reply. 
I configured the domain as well.
I already had the experience with this behavior on some customer implementations.


What I find strange is that I don't even see a request on the Windows NPS server unless I manually change the CA certificate on the devices.
Tomorrow I can try it with an iOS device.
I am not sure if this is an Android related error.

MaikStrassmann
a year ago

We also currently have the problem with EAP-TLS WLAN at ONE of our locations.
All ZEBRA devices are working.
And not a single HONEYWELL device.

The same WLAN profiles, settings, certificates - everything is identical.
With the Honeywell device, the device tries to connect for 10-15s, then says "Network connection could not be established".

Could be a similar problem. However, I am surprised that it only occurs at one location and only with one device type.

And no, I have no idea.

Leon Callsen
12 months ago

Hi Maik, do you also use Microsoft NPS?
Do you have any error logs there?
What do you use as Identity on the Zebra devices?

SKMOD@SOTI
11 months ago

Hi Leon Callsen,

Thank you for your post on SOTI Pulse.

Thank you Matt and MaikStrassmann for responding to the post, your expertise and willingness to help are greatly appreciated!

Could you kindly let us know if your issue has been resolved?

If you have any additional questions or concerns, please don’t hesitate to reach out. We are here to provide support and assistance whenever you need it.

Kind regards,
Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

Leon Callsen
11 months ago

Hi SKMOD, 

at the moment I was not able to fix this issue.
I can use PEAP and it is working. 
I am unable to use TLS because the devices are not in the domain and I don't want to use active directory. 

Is there any other idea what I can do? 
I think this issue belongs to the Microsoft NPS configuration. 

KAMOD@soti.net
10 months ago

Hi Leon Callsen,

Thank you for your post on SOTI Pulse.

We have troubleshot a few things and here are the findings for you:

TLS Resolution with SOTI MobiControl (Non-Domain Devices)

  1. Configure NPS for PEAP:

    • Set NPS to use PEAP with the correct root CA certificate.
    • Allow authentication without domain membership.
  2. Deploy Certificates via SOTI MobiControl:

    • Deploy client certificates to devices using MobiControl.
    • Assign certificate profiles.
  3. Adjust NPS for EAP-TLS:

    • Configure NPS for certificate-based authentication (EAP-TLS).
    • Trust the CA that issued the certificates.
  4. Test and Troubleshoot:

    • Verify authentication with PEAP/EAP-TLS.
    • Ensure RADIUS ports (UDP 1812/1813) are open.

This ensures secure authentication without domain joining.

Please let us know if this resolves the issue and if we were able to support you.

Thank you for choosing SOTI.
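
Added example, not part of the original thread and not SOTI or Microsoft code: the "Identity" value asked about above is what the device sends in its EAP-Response/Identity before any TLS exchange, and the access point forwards it to the RADIUS server as User-Name and EAP-Message in an Access-Request on UDP 1812. The sketch below builds that request so it can be inspected or sent from a host registered as a RADIUS client; the server address, shared secret and identity passed in are assumptions supplied by the tester.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST = 1
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80  # RADIUS attribute types
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1

def attr(attr_type, value):
    """Encode one RADIUS attribute (type, length, value); value is at most 253 bytes."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def eap_identity_response(identity, eap_id=0):
    """EAP-Response/Identity: the first thing a supplicant sends, before any TLS."""
    body = bytes([EAP_TYPE_IDENTITY]) + identity.encode()
    return struct.pack("!BBH", EAP_RESPONSE, eap_id, 4 + len(body)) + body

def build_access_request(identity, secret, radius_id=1, authenticator=None):
    """Access-Request as an access point would forward it to the RADIUS server."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(USER_NAME, identity.encode())
             + attr(EAP_MESSAGE, eap_identity_response(identity))
             + attr(MESSAGE_AUTHENTICATOR, bytes(16)))  # zeroed while the HMAC is computed
    pkt = bytearray(struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
                    + authenticator + attrs)
    pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()  # HMAC-MD5 over packet
    return bytes(pkt)

def parse_attributes(pkt):
    """Return {type: value} for the attributes that follow the 20-byte header."""
    attrs, pos = {}, 20
    while pos < len(pkt):
        length = pkt[pos + 1] if pos + 1 < len(pkt) else 0
        if length < 2 or pos + length > len(pkt):
            raise ValueError("malformed attribute")
        attrs[pkt[pos]] = pkt[pos + 2:pos + length]
        pos += length
    return attrs

def probe(server, secret, identity, port=1812, timeout=3.0):
    """Send the request; return the reply's RADIUS code, or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_access_request(identity, secret), (server, port))
        try:
            return sock.recvfrom(4096)[0][0]
        except OSError:  # timeout, or a reset reported by the OS
            return None
```

Any reply code from `probe` (for example 3, Access-Reject, or 11, Access-Challenge) shows the server received and processed the request; `None` means no reply arrived within the timeout.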

Ralph
9 months ago

Maybe somewhat late, but we had a similar issue with ELO devices a while ago. This was post EA enrollment into MC though, it was hindering that.


There were several SSIDs available to connect to and for specifically one of them, it was impossible to connect to, it kept "saving" but not making a connection.


The fix back then was to set the wifi Fast Transition/FT setting from "Adaptive" to "Enabled".