Re: 802.1x authentication error: E63502::Certificate not yet valid. (1417 Views)
Reply
Advisor
LS1971
Posts: 33
Registered: ‎03-19-2012
Message 1 of 3 (1,722 Views)

802.1x authentication error: E63502::Certificate not yet valid.

Hi,

 

we have an iMC installation with WLAN+UAM. An LDAP connection is configured, the users get synced on demand. We can automatically log in from our Windows 7 domain integrated clients. We can also access the guest WLAN (same SSID, different VLAN ID) from Androids and iPhones using a specific AD user.
But when we try to log in from a Windows 7 workgroup client (not domain integrated) we get the following error in iMC Authentication Failure Log List:

 

E63502::Certificate not yet valid.

 

On the Windows client we get the following three error events:

 

Log Name:      Microsoft-Windows-WLAN-AutoConfig/Operational
Source:        Microsoft-Windows-WLAN-AutoConfig
Date:          03.09.2013 18:24:42
Event ID:      12013
Task Category: OneXAuthentication
Level:         Error
Keywords:      (512)
User:          SYSTEM
Computer:      PCNAME
Description:
Wireless 802.1x authentication failed.Network Adapter: D-Link DWA-121 Wireless N USB Adapter
Interface GUID: {b40379ff-21e6-479a-9e9c-e8fe3fcbf3ce}
Local MAC Address: FE:CC:BA:98:76:54
Network SSID: SECRETSSID
BSS Type: Infrastructure
Peer MAC Address: 12:34:56:78:9A:BC
Identity: NULL
User: username
Domain: PCNAME
Reason: Explicit Eap failure received
Error: 0x80420014
EAP Reason: 0x80420100
EAP Root cause String:
EAP Error: 0x80420014

 

Log Name:      Microsoft-Windows-WLAN-AutoConfig/Operational
Source:        Microsoft-Windows-WLAN-AutoConfig
Date:          03.09.2013 18:24:42
Event ID:      11006
Task Category: MsmSecurity
Level:         Error
Keywords:      (512)
User:          SYSTEM
Computer:      PCNAME
Description:
Wireless security failed.Network Adapter: D-Link DWA-121 Wireless N USB Adapter
Interface GUID: {b40379ff-21e6-479a-9e9c-e8fe3fcbf3ce}
Local MAC Address: FE:CC:BA:98:76:54
Network SSID: SECRETSSID
BSS Type: Infrastructure
Peer MAC Address: 12:34:56:78:9A:BC
Reason: Explicit Eap failure received
Error: 0x80420014

 

Log Name:      Microsoft-Windows-WLAN-AutoConfig/Operational

Source:        Microsoft-Windows-WLAN-AutoConfig
Date:          03.09.2013 18:24:42
Event ID:      8002
Task Category: AcmConnection
Level:         Error
Keywords:      (512)
User:          SYSTEM
Computer:      PCNAME
Description:
WLAN AutoConfig service failed to connect to a wireless network.Network Adapter: D-Link DWA-121 Wireless N USB Adapter
Interface GUID: {b40379ff-21e6-479a-9e9c-e8fe3fcbf3ce}
Connection Mode: Connection to a secure network without a profile
Profile Name: SECRETSSID
SSID:SECRETSSID
BSS Type: Infrastructure
Failure Reason:The specific network is not available.


We found and installed a Microsoft hotfix for Windows 7:

 

Windows 7 does not connect to an IEEE 802.1X-authenticated network if an invalid certificate is installed
http://support.microsoft.com/kb/2494172

 

But that didn't change anything.

 

Any ideas?

 

Regards, Leonardo

Member
Eduardo_1
Posts: 5
Registered: ‎08-07-2009
Message 2 of 3 (1,425 Views)

Re: 802.1x authentication error: E63502::Certificate not yet valid.

I had this problem one time ago and the message about certificate not yet valid let me think it is related to time, but this was wrong, in my case the problem was solved configuring a different certificate template. I remember that we have to try several different options with subject name and alternate name options in certificate. This was a long time ago and now I do not have the template I used anymore. Now I am facing the same problem again in a customer and trying to find again the correct template. Please if someone reading this message is able to figure out the correct certificate template please let me know, I will do the same if I was able to discover the correct template I used in the past. Thanks. Bye Edu

Honored Contributor
Peter_Debruyne
Posts: 328
Registered: ‎03-21-2011
Message 3 of 3 (1,417 Views)

Re: 802.1x authentication error: E63502::Certificate not yet valid.

Hi,

 

I normally use a copy of the Web server template, which worked fine so far. I did have issues with some certificates in the past which were too big and got fragmented in the EAP exchange process.

Creating another cert resolved that issue,

 

Best regards,Peter.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.