Reset Search



KB13716 - "TLS handshake failed" posted to the Pulse Policy Secure (PPS) user access log

« Go Back


Last Modified Date7/31/2015 2:27 PM
Many "TLS handshake failed" errors are posted in the Pulse Policy Secure (PPS) user access log.  What information is required to troubleshoot the issue?
Problem or Goal
  • Pulse Policy Secure (PPS)
  • 802.1x enabled on the switch
  • Odyssey Access Client
Symptoms & Errors:
  • "TLS handshake failed"
  • 802.1x authentication failed
In general, this error implies there is something wrong with the certificate or there is an EAP failure between the client and PCS.  To troubleshoot the issue, several pieces of information should be collected. 

Prior to the issue reoccurring, enable the debug log on both the PCS and the OAC.
  • Enable debug log on the PCS; set the following values:
    • log size is 50MB
    • log level is 20
    • event code is: WebRequest, SBR, sbrauth, tncs, gateman, agentman
  • Enable debug log on Odyssey Access Client (OAC) at Odyssey Access Client Manager > Tools > Logs > Settings; set the following values:
    • Debug level 5
    • Lines of buffer 8000
Once the issue occurs, collect the following information:
  • The debug log from the PCS: Maintenance > Troubleshooting > Monitoring > debug log > Save debug log
  • The 802.1x switch's authentication log.   Because there is no IP address and user name/realm information in the "TLS Handshake Failed" log entries, an authentication log from the 802.1x switch will be helpful to find out which clients encounter the issue; as generally the log will include client's MAC Address.
  • The logs from the OAC client: Odyssey Access Client Manager > Tools > Logs > Save all
Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255