Troubleshooting
View Authentication Logs
Prerequisites: You must have the rights to administer logs.
- Select Tools, Log and then View Authentication.
- For the Time Criteria, specify the From and To dates for the time period required.
-
For the General Criteria:
- Select the Server for the authentication data you want to view.
- To view the logs for specific server with a pool of servers, select the Server IP address for the required server.
- To view data for a specific user, enter the user’s ID in the User ID field.
- To view error data only, select REJECTED only.
- Click Show to display the authentication data corresponding to the specified criteria.
- Use Print to print the displayed data.
To produce more sophisticated statistics with standard reporting tools, you can access the data stored in the A_AHLOG table directly from the AAA Server database. You need to use a tool that supports ODBC (DSN=ActivPackAdmin).
Failure Reasons
If authentication fails, then you can view the authentication logs to identify the reason.
The table below lists the authentication failure reasons for the EAP methods.
| EAP Method | Failure Reason |
|---|---|
| EAP-TLS | AAA Server certificate CA is not trusted by the client. |
| Client certificate CA is not trusted by the AAA Server. | |
| Client certificate name does not match the user name specified in the RADIUS packet. | |
| Client certificate is expired. | |
| Client certificate is not yet valid. | |
| Client certificate is revoked. | |
| Configured CRL expired (Microsoft CA). | |
| PEAP-MSCHAP V2 | AAA Server certificate CA is not trusted by the client. |
| MSCHAP V2 NT Response is not valid. | |
| Server authentication is not validated by the client. | |
| PEAP-GTC | AAA Server certificate CA is not trusted by the client. |
| GTC password response is not valid. |
