Wifi connect fail for EAP-TLS on certain iPhones

I am running an embedded Access Point with WPA2-Enterprise with EAP-TLS authentication. My primary test device is an iPhone 11 (iOS 15.6.1) and I have a secondary device, an iPhone XR (16.0.2), for testing.

My primary device associates and authenticates to my access point successfully. On initial connection the server certificate is displayed and prompted to be Trusted and in doing so the authentication completes as expected.

However, when doing the exact same process on the secondary device, the process fails and I get the "unable to join network...." pop up. This occurs when the iPhone receives the server certificate, but instead of displaying the certificate for the request to Trust, it immediately disassociates the connection.

On capturing the WiFi traffic, the client can be seen to issue the disassociate request with reason 8 (STA leaving the BSS) - what provokes this?

I am struggling to understand why one device is working just fine and the other is failing under exactly the same test conditions. This is 100% repeatable and the failure is always at the same point in the process.

I'm struggling to explain why one device works just fine and the other does not. How can I determine what is causing the secondary device to disassociate during the authentication?

A few questions to get some more information here:

  • Do you have any other logs from the iOS 16.0.2 device when this failure takes place?
  • How are you performing the EAP-TLS authentication, is it by using a profile or by using NEHotspotEAPSettings?
  • Do you know what version of TLS is being negotiated during authentication?

Hi, I've attached a console log filtered on wifid for this event. The WiFi AP SSID is OMENS and you can see the connection starts at the beginning of the log:

default 10:59:12.169709-0400 wifid Attempting to join EAP network: OMENS

and then the notification of failure at the end of the log:

error 10:59:19.067390-0400 wifid {ASSOC-} Failed to join(-3905 - 0xFFFFF0BF)/(-3903): OMENS

(I have the full log but it seems too large to attach?)

In this case I'm actually using JumpCloud as RaaS to ensure I was not having certificate issues. So the certificate processing can be seen within the second console log filtered on trustd. As I've switched to JumpCloud, this is now using EAP-PEAP/MSCHAP2 (natively from the iOS WiFi connection page) so no special profile is being used; however, the failure is exactly the same: something happens at the point the server certificate is passed to the iOS client. Authentication is using TLS version 1.2.

Thank you for sending along these logs. It looks like your association is actually timing out:

error	10:59:19.043447-0400	Preferences	{ASSOC*} association failed to OMENS, error: Error Domain=com.apple.corewifi.error.wifid Code=-3905 "(null)"

And it looks like -3905 maps to unknown error or a general Wi-Fi error, which is also not very helpful. Since this works on iOS 15 but not on iOS 16 I would say that the next step here is to open a bug report with a sysdiagnose. Please post the Feedback ID here.

Hi @prince_s, I’m running into the same exact issue. Configuration works on iOS 15 and fails in iOS 16. I see the connection succeeding initially and then the client sends dissociation requests.

Were you able to sort it out on your end?
