cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error

From: "Stevens, Andy" <andy.stevens AT wur.nl>
To: Stefan Paetow <Stefan.Paetow AT jisc.ac.uk>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>, darren.wheatcroft <darren.wheatcroft AT NOTTINGHAM.AC.UK>
Subject: Re: [[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error
Date: Wed, 22 Dec 2021 16:27:13 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=wur.nl; dmarc=pass action=none header.from=wur.nl; dkim=pass header.d=wur.nl; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=n/u5fWjwds8jXbl9Hl2rbJ1SBuDHsuYBZNmTsqISEAI=; b=Vs0HCCFg+U8Vf1yYrxDh4s1ikSGgCGvQY+PumTfJW9FlY0+90XaZ+4W4kRe1Ig+wFUilANXvdjJhCx8WfJ5Rux/Mrrc5171caHI0yiKdZNL5aToDytH+mfRBq/kwxt6QdFnGb1yJPvN9bYDLWxzcd/1J2HaKGVAjE5NsNDqOpH3zRYrUHRUQbIejKNBEoHVbmtiw1aSuwhaeJsQMTLM6lQZ/ZE7YzWfIA5pGrTxfh8Xtq4irvZk3R2bj/Hcbp/0ITrTSWSxxJ6NhRcva+GCOEmbG1C5x0U9w2zsjW7ufTugS/at4h5vWFReCvQKDylMAX+vAU+as2CaWEMOPXqBIng==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nQQn7spnSyet1bhJQ/P9S/CDosKyNWoSyVDMSdR5gy+L91MeNjopY4nRvbiLWD+gAwNELftcqibV+u2pDQLFCAyujtlfUECJKTwM4eHSxoesx56NFKm+k8OHnZElTWY57zrPBHMVE5ic0vx/o4n7M+kBMxcutBSa0kAHm0reS0A1RzuH8+GucXtrXKv9Jbx7VckknG6gUW49i2qzG6U/UM0KPqb1FcpBsGo8Y3wZC7uqhzN/WO0IqNTcdlHJG6175VPytbHBNPOAJl4FGDU9NF4g5UiLgLxw7LNvNv4Cix+PVR7uRurBvSGejl3Sfp8jT6Znoy71YMbJqhdsIkwteg==
Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=wur.nl;

Interesting, can somebody refer to information why windows 10 clients need the root installed, alongside the intermediate to make a proper connection?

Met vriendelijke groet,

Andy Stevens

Network / WiFi Infrastructure Engineer
CWNA 160383 | ECSE

MDT - Network Services
signature_1959975983

Aanwezig (ma t/m do)

Wageningen University & Research

Actio / Gebouw 116

Akkermaalsbos 12 / 6708 WB Wageningen

Postbus 59 / 6700 AB Wageningen

T +31 (0) 3174 88653

E andy.stevens AT wur.nl

http://www.disclaimer-nl.wur.nl/

Wil je iets melden? Doe het eenvoudig en snel online.

Want to report a problem? Use our online self service

From: <cat-users-request AT lists.geant.org> on behalf of Stefan Paetow <Stefan.Paetow AT jisc.ac.uk>
Reply to: Stefan Paetow <Stefan.Paetow AT jisc.ac.uk>
Date: Wednesday, 22 December 2021 at 16:42
To: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>, "darren.wheatcroft" <darren.wheatcroft AT NOTTINGHAM.AC.UK>
Subject: Re: [[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error

Yes, I suspect that is exactly it.

Uploading the Comodo AAA certificate should probably resolve the problem if the GEANT cert is shipped along with the server certificate.

Regards

Stefan Paetow
Federated Roaming Technical Specialist

t: +44 (0)1235 822 125
e-mail/teams: stefan.paetow AT jisc.ac.uk
gpg: 0x3FCE5142

Until 24/12/2021, I am only in the office Tuesdays to Thursdays.

In line with government advice, at Jisc we’re now working from home and our offices are currently closed. Read our statement on coronavirus.

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

From: <cat-users-request AT lists.geant.org> on behalf of Stefan Winter <stefan.winter AT restena.lu>
Reply to: Stefan Winter <stefan.winter AT restena.lu>
Date: Tuesday, 21 December 2021 at 12:53
To: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>, "darren.wheatcroft" <darren.wheatcroft AT NOTTINGHAM.AC.UK>
Subject: Re: [[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error

Hello,

could you let us know the old and new roots? If the new root is by any chance AAA Services, I think I have a rough idea...

Stefan Winter

Am 21.12.21 um 13:51 schrieb Stefan Winter:

Hi,

forwarding on behalf of Darren Wheatcroft, as the mail was sent to the -request address.

Stefan Winter
-------- Weitergeleitete Nachricht --------

Betreff:

Windows 10 & CAT - TLS Session reuse error

Datum:

Mon, 20 Dec 2021 11:57:58 +0000

Von:

Darren Wheatcroft <Darren.Wheatcroft AT nottingham.ac.uk>

An:

cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org>

Hi,

We have recently updated our certificates and the CAT tool has been updated accordingly with the cert chain.

Since doing this, no Windows 10 device will connect to eduroam - we get 'Unable to connect to this network' on the client, and 'TLS Session Reuse' on the Clearpass server.

MacOS, iOS and Android all connect OK. It isn't our build of Windows 10 as it happens on personal machines as well.

Essentially the only thing that changed in the CAT tool this year was the certificate chain.

Manually forgetting, then connecting will work every time.

Does anyone know of any client side logs we could dig into to see what is going on? This years cert update has been a bit challenging!

Kind regards

Darren

--

Darren Wheatcroft

Digital and Technology Services

University of Nottingham
This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please contact the sender and delete the email and
attachment. 
 
Any views or opinions expressed by the author of this email do not
necessarily reflect the views of the University of Nottingham. Email
communications with the University of Nottingham may be monitored 
where permitted by law.
 
 
 
To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

[[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error, Stefan Winter, 12/21/2021
- Re: [[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error, Stefan Winter, 12/21/2021
  - Re: [[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error, Stefan Paetow, 12/22/2021
    - Re: [[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error, Stevens, Andy, 12/22/2021
      - Re: [[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error, Tomasz Wolniewicz, 12/23/2021
        
        RE: [[cat-users]] Fwd: Windows 10 & CAT - TLS Session reuse error, Daniel Sheppard, 12/23/2021