cancel
Showing results for 
Search instead for 
Did you mean: 

OAC - 802.1X layer 2 - Connection prior to Windows login - certificate rejected

SOLVED
papageno_
Contributor

OAC - 802.1X layer 2 - Connection prior to Windows login - certificate rejected

Hi all

 

I am trying to set up Odyssey for 802.1x authentication to UAC, using the "Prior to Windows login" option for single sign on.  However, the Odyssey client is rejecting the UAC's certificate, even though I have installed all the certificates in the chain under the machine account, as described in 

 

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB10484

 

Instead, the logon via the Odyssey tile finally results in

 

Odyssey Access Client was unable to connect to the network

Reason: Client issued alert 42(bad certificate)

Type: EAP-TTLS

Access point id:                              User Name:

 

If I configure the PC to use the Microsoft 802.1x driver, and use Single-sign-on using machine credentials prior to Windows login, and to care about the certificate presented, it does not complain about the offered certificate.

 

The details are:

 

Odyssey UAC Edition v 5.40.19633.0

Windows 7 Enterprise SP1

UAC (IC6500) 4.2R3 (build 19633)

 

Any ideas on what is going on and how to fix it?

 

Secondarily, is there any way to get Odyssey to log the attempt?  I can do it from the Odyssey GUI once I am already logged in, of course, but how can I get it to log the events prior to login?

 

Any help gratefully accepted.

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
papageno_
Contributor

Re: OAC - 802.1X layer 2 - Connection prior to Windows login - certificate rejected

Found the problem.  I had not configured the trust under Odyssey Access Client Manager ... Initial Settings ... Trusted Servers.

View solution in original post

3 REPLIES 3
papageno_
Contributor

Re: OAC - 802.1X layer 2 - Connection prior to Windows login - certificate rejected

 

 

Also, if we configure Odyssey to connect after Windows logon, we get no such error.  I have checked that the certificates held in the machine account are the same ones as in the user account.  Why would the machine reject the certificate if the user process doesn't?

papageno_
Contributor

Re: OAC - 802.1X layer 2 - Connection prior to Windows login - certificate rejected

...and if I disable server verification in the initial profile, all goes well.

papageno_
Contributor

Re: OAC - 802.1X layer 2 - Connection prior to Windows login - certificate rejected

Found the problem.  I had not configured the trust under Odyssey Access Client Manager ... Initial Settings ... Trusted Servers.

View solution in original post