cancel
Showing results for 
Search instead for 
Did you mean: 

Microsoft Surface, just not compatible with Ruckus?

charles_sprick1
New Contributor III
Seeing this at three different locations - customers show up with an MS Surface device and they simply cannot log in. No interesting logs in the ZD, I'll see one log of "too many authentication failures" and then even hours or days later ZERO logs for the client. And on the client side, this incredibly unhelpful error:

Image_ images_messages_5f91c400135b77e247913a83_d03fc8e5d6c91972ca3ba24c7ca26d5d_RackMultipart20190919388571sb3-52cad25d-32bf-41c8-93c9-bf0a6c36ee26-1604858346.png1568920560

All the networks shown there are served from the same APs.

We even see this on clients running Unleashed setups.

How is there not a KB article about this?
20 REPLIES 20

andrew_giancol1
Contributor III
 I did our companies initial analysis via Wireshark (because the rejection happens on the client's end, without attempting to authenticate to the network, hence no logs), and found that the devices were essentially saying we support R but only part of it. so I simply removed roaming from the sites with affected clients and asked for Local IT to remediate by Rolling drivers back. I spoke to one of them a few minutes ago, and he said " uninstall the wireless NIC, delete the driver when it prompts me to, then reboot. Works after that."
I do not recall putting R back on the SSID's his SP's are on, so his guidance may or may not be flawed.

charles_sprick1
New Contributor III
OK, this is very helpful. Going to try the config changes. I'm about 90% sure the onsite tech already removed the device and re-added. We don't like touching client devices too much, so we didn't have the option to sniff with wireshark, but glad you did!

andrew_giancol1
Contributor III
You can grab Wireshark directly from the AP. 
  • Log in to the AP
  • run command 'get wlanlist'
  • id your WLAN number (in my case it's wlan33)
  • run command 'set capture wlan33 stream' remember, your WLAN may be different. using a copy of Wireshark, or favorite equivalent
  • open interfaces, remote interfaces, hit the plus or 'add'
  • type in the IP of the target AP, the port is 2002 (globe)
  • a list of new interfaces will appear, select wlan33 and leave out everything else for the moment.
  • Hit start.
  • Profit! Image_ images_messages_5f91c44f135b77e247a1779a_10a994de8df007f6fecb1eedb3cd4b38_RackMultipart201909191247661fs-060f71bd-594c-4a0f-85af-8fa9c91f75c0-1828461520.png1568925886

charles_sprick1
New Contributor III
Wow. OK, I didn't even know there was a CLI available on the individual APs.  So yeah. 🙂

A few quick questions if you'll indulge me:

  • you noted that there were no logs of the Surface because it had given up attempting to auth to an "incompatible" network - just confirming in this case the sniffing at the AP would NOT give me the info I need, correct?
  • in the above example, the "set capture ..." command is telling the AP to open a socket (which defaults to 2002) and it's dumping a tcpdump-like stream to whatever connects to that socket?
  • this is a good argument for a testing WLAN that's turned on for just this sort of troubleshooting I suppose
I need to get someone to drop a raspberry pi or something at these sites so I have a remote "base of operations" for something like this.

andrew_giancol1
Contributor III
you noted that there were no logs of the Surface because it had given up attempting to auth to an "incompatible" network - just confirming in this case the sniffing at the AP would NOT give me the info I need, correct?

Incorrect. in the following screencap, you can see the Wlan.addr filter used to specify the mac address of an android mule used primarily to test cloud path onboarding.  The SONY is not connected to this R610 in any way, instead, it's attached to my personally owned R500.

Image_ images_messages_5f91c44f135b77e247a182ef_4dd35641119c280e5a177bd27e2846a0_RackMultipart2019091942025vz1h-eef69e2c-8bec-4130-ade6-6decd41205ef-118762072.png1568926957
in the above example, the "set capture ..." command is telling the AP to open a socket (which defaults to 2002) and it's dumping a tcpdump-like stream to whatever connects to that socket?
yes, Here is a screencap of my Mule AP's remote interfaces after running the set capture command.

Image_ images_messages_5f91c44f135b77e247a182ef_01635af3d34a9cf65ce9d39f1dd63206_RackMultipart201909196387114od-641e843a-52c9-4fcb-87c0-273314dc3a1b-1237443298.png1568927000

this is a good argument for a testing WLAN that's turned on for just this sort of troubleshooting I suppose

Yes, everyone makes mistakes, even M$oft. And when it does happen, it's always a doozie.

Depending on your load, PI might be a touch lightweight for any REAL diagnostic. In my experience (PI3 B +) Drive write times leave too much to be desired, and as such make poor IPERF servers. as for tcpdump, my setup only seems to be only able to do about 25-30mb/s before losing packets. That said, there is a new PI4 out with PoE. as soon as the USB-C stuff is fixed on the boards, I plan to restart my Pi projects with that platform (4gb for the win!)

Good luck with Aruba!