Reset Search
 

 

Article

KB13716 - "TLS handshake failed" posted to the Pulse Policy Secure (PPS) user access log

« Go Back

Information

 
Last Modified Date7/31/2015 2:27 PM
Synopsis
Many "TLS handshake failed" errors are posted in the Pulse Policy Secure (PPS) user access log.  What information is required to troubleshoot the issue?
Problem or Goal
Environment:
  • Pulse Policy Secure (PPS)
  • 802.1x enabled on the switch
  • Odyssey Access Client
Symptoms & Errors:
  • "TLS handshake failed"
  • 802.1x authentication failed
Cause
Solution
In general, this error implies there is something wrong with the certificate or there is an EAP failure between the client and PCS.  To troubleshoot the issue, several pieces of information should be collected. 

Prior to the issue reoccurring, enable the debug log on both the PCS and the OAC.
 
  • Enable debug log on the PCS; set the following values:
    • log size is 50MB
    • log level is 20
    • event code is: WebRequest, SBR, sbrauth, tncs, gateman, agentman
  • Enable debug log on Odyssey Access Client (OAC) at Odyssey Access Client Manager > Tools > Logs > Settings; set the following values:
    • Debug level 5
    • Lines of buffer 8000
Once the issue occurs, collect the following information:
 
  • The debug log from the PCS: Maintenance > Troubleshooting > Monitoring > debug log > Save debug log
  • The 802.1x switch's authentication log.   Because there is no IP address and user name/realm information in the "TLS Handshake Failed" log entries, an authentication log from the 802.1x switch will be helpful to find out which clients encounter the issue; as generally the log will include client's MAC Address.
  • The logs from the OAC client: Odyssey Access Client Manager > Tools > Logs > Save all
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255