6 Troubleshooting

6 Troubleshooting
CH A P T E R
6
Troubleshooting
This chapter describes EAP-FAST error messages. This chapter also provides guidelines for creating
strong passwords.
The following topics are covered in this chapter:
•
EAP-FAST Error Messages, page 6-1
•
Creating Strong Passwords, page 6-6
EAP-FAST Error Messages
Error Message Automatic PAC provisioning is enabled for this profile. However, a
valid PAC that matches the server to which the client adapter is connecting could
not be found. Do you wish to obtain a new security credential (PAC)?
Recommended Action Click Yes to provision a new PAC for this server using your existing credentials
or click No to cancel the operation. If you click No, the client adapter will fail the authentication.
Caution
To prevent possible attacks from rogue access points, do not reprovision a PAC unless it is necessary.
Error Message While attempting to provision your PAC during auto-provisioning, the
network access device failed to authenticate itself. This condition might indicate
an attack on your password by a rogue access device. Try again with your current
password?
Recommended Action Click Yes to attempt to reauthenticate with your current password. Click No to
cancel the operation.
Note
If the authentication attempt fails again, contact your system administrator to report a rogue access
device. Use strong passwords in the future to reduce the chance of your password being compromised;
see the “Creating Strong Passwords” section on page 6-6 for tips on creating strong passwords.
EAP-FAST for Windows Vista Administrator Guide
OL-16949-01
6-1
Chapter 6
Troubleshooting
EAP-FAST Error Messages
Error Message While attempting to provision your PAC, the network access device timed
out. A timeout might indicate an attack on your password by a rogue access device.
However, a timeout could be caused by a server outage or a faulty connection. Try
again with your current password?
Recommended Action Click Yes to attempt to reauthenticate with your current password. Click No to
cancel the operation.
Note
If a timeout occurs again, contact your system administrator to report a potential rogue access device.
Use strong passwords in the future to reduce the chance of your password being compromised; see the
“Creating Strong Passwords” section on page 6-6 for tips on creating strong passwords.
Error Message A valid PAC was not found for your username <username>. Click OK.
Re-enter your username in the credential prompt or the User Credentials tab of the
EAP-FAST Properties screen. If you entered your username correctly, go to the
Connection tab of the EAP-FAST Properties screen either to enable automatic PAC
provisioning or Validate server certificate or import a PAC file.
Recommended Action Click OK. Then perform one of the following:
– Re-enter your username.
– If you entered your username correctly, go to the Connection tab of the EAP-FAST Properties
screen either to enable automatic PAC provisioning or to import a PAC file.
Error Message The EAP-FAST authentication attempt failed because you entered the
wrong username and password. Please re-enter your username and password.
Recommended Action Click OK. Then re-enter your EAP-FAST credentials when the Enter Wireless
Network Password screen appears.
Error Message The EAP-FAST authentication attempt failed because you might have
entered the wrong username and password. Please re-enter your username and
password.
Warning: If you are sure that you have typed in the right username and password,
you may have connected to a rogue device. This can indicate an attack on your
password. Using a strong password will reduce the chance of your password being
compromised. If this failure happens again, contact your system administrator to
report a potential rogue access device.
Recommended Action Click OK. Then perform one of the following:
– If you entered your EAP-FAST credentials correctly, contact your system administrator to
report a potential rogue access point. Use strong passwords in the future to reduce the chance
of your password being compromised. See the “Creating Strong Passwords” section on page 6-6
for tips on creating strong passwords.
– If you entered your EAP-FAST credentials incorrectly, re-enter your credentials at the Enter
Wireless Network Password screen.
EAP-FAST for Windows Vista Administrator Guide
6-2
OL-16949-01
Chapter 6
Troubleshooting
EAP-FAST Error Messages
– If the username does not match the provisioned PAC, and automatic provisioning is enabled for
this profile, click Yes at the following message: “You do not appear to be registered with the
authentication server. Registration requires that this device be initialized with a security
credential. Do you wish to obtain a security credential?”
– If the username does not match the provisioned PAC, and manual provisioning is enabled for
this profile, go to the Connection tab of the EAP-FAST properties dialog box and either enable
automatic PAC provisioning or import a PAC file.
Error Message PAC provisioning has failed. This failure is not related to an issue
with the username and password. This failure is commonly caused by a server
configuration issue. Contact your administrator for assistance.
Recommended Action Contact your system administrator for assistance.
Error Message The PAC that you selected for this profile does not match the server
to which the client is connecting. However, a matching PAC has been found in your
PAC database. Would you like to use this matching credential authority and save
it to the profile?
Recommended Action Click Yes to use the matching PAC and to update the profile with this new PAC,
or click No to cancel the operation and to leave the profile as it is. If you click No, the client adapter
will be unable to authenticate using the existing profile.
Error Message You entered different values in the New Password field and the Confirm
New Password field. The passwords must be identical. Please try again.
Recommended Action Re-enter your new password in both fields.
Error Message The password that you entered in the Old Password field does not match
the password that you previously used. Please try again.
Recommended Action Re-enter your old password in the Old Password field.
Error Message An error occurred when you attempted to change your EAP-FAST password.
The new password might not conform to the server's password policy. Please try
again.
Recommended Action Re-enter your password in the Change Password screen.
Error Message The EAP-FAST authentication process failed during initialization. Make
sure that EAP-FAST and the Trusted Root Certificate Authority certificate are
installed correctly.
Recommended Action Ensure that EAP-FAST and the Trusted Root Certificate Authority certificate
are installed correctly.
EAP-FAST for Windows Vista Administrator Guide
OL-16949-01
6-3
Chapter 6
Troubleshooting
EAP-FAST Error Messages
Error Message You have connected to a server with the following server name
<server_name>
The server certificate is signed by the following Root Certification Authority
(CA):
<root_ca>
This Root CA does not match the specified trusted Root CA(s).
Do you want to accept this connection?
Warning: Connecting to a server signed with untrusted CA might compromise your
security.
Recommended Action If you want the client adapter to connect to this server even though doing so
might present a security risk, click Yes. Otherwise, click No.
Error Message You have connected to a server with the following server name:
<server_name>
This server name does not match the specified server name(s).
Do you want to accept this connection?
Warning: Connecting to an unsecured server might compromise your security.
Recommended Action If you want the client adapter to connect to this server even though doing so
might present a security risk, click Yes. Otherwise, click No.
Error Message Your password has expired. Please enter a new password.
Recommended Action Enter a new password to change the expired password.
Error Message You entered an empty username, which is not allowed.
Recommended Action Enter a username.
Error Message You must select a PAC when using manual PAC provisioning.
Recommended Action You clicked OK on the EAP-FAST Properties screen when automatic
provisioning was disabled and no PAC authority was selected. Either enable automatic provisioning
or choose a PAC authority from the drop-down list. If the list is empty, import a PAC file.
Error Message Error opening or reading file: <filename>.
Recommended Action Try to import the PAC file again. If the same message appears, obtain a new
PAC file from your system administrator and import it again.
EAP-FAST for Windows Vista Administrator Guide
6-4
OL-16949-01
Chapter 6
Troubleshooting
EAP-FAST Error Messages
Error Message The file is not a valid PAC file: <filename>.
Recommended Action Try to import the PAC file again. If the same message appears, obtain a new
PAC file from your system administrator and import it again.
Error Message The file does not contain a valid PAC: <filename>.
Recommended Action Try to import the PAC file again. If the same message appears, obtain a new
PAC file from your system administrator and import it using the EAP-FAST Settings screen.
Error Message The file contains a PAC that will replace an existing PAC already
provisioned on your system. Would you like to replace the existing PAC?
Recommended Action Click Yes to replace the existing PAC with the new one from the imported file,
or click No to cancel the operation.
Error Message The password you entered to import the PAC file is incorrect. Please
try again.
Recommended Action Try entering your password again.
Error Message The PAC file import operation has been aborted because of three or more
attempts of incorrect passwords.
Recommended Action Press OK to continue.
Error Message An internal error occurred.
Recommended Action An internal error occurred when the PAC was being imported. Try importing
the PAC again.
Error Message Insufficient memory or other system error.
Recommended Action Close other programs and free up some more memory.
Error Message You must select “Validate server certificate” or a PAC to use user's
certificate or one-time password for authentication.
Recommended Action One-time password or user certificate is selected as the user credential, but
there is no PAC selected or Validate Server Certificate option is not checked. Change the settings.
Error Message You tried to import a PAC file with the same PAC ID as a previously
imported or provisioned PAC. Would you like to replace the existing PAC?
Recommended Action Click Yes to replace the existing PAC with the new one from the imported file,
or click No to cancel the operation.
EAP-FAST for Windows Vista Administrator Guide
OL-16949-01
6-5
Chapter 6
Troubleshooting
Creating Strong Passwords
Creating Strong Passwords
Never write passwords down, on paper or online. Instead, create passwords that you can remember easily
but no one can guess easily. One way to do this is create a password that is based on a song title,
affirmation, or other phrase. For example, the phrase could be “This May Be One Way To Remember”
and the password could be “TmB1w2R!” or “Tmb1W>r~” or some other variation.
Note
Do not use either of those examples as passwords.
Characteristics of Strong Passwords
Strong passwords have the following characteristics:
•
Contain both upper and lower case characters (e.g., a-z, A-Z).
•
Contain numerals and punctuation as well as letters (e.g., 0-9, !@#$%^&*()_+|~ =\`{}[]:";'<>?,./)
•
Are at least five alphanumeric characters long.
•
Are not a word in any language.
•
Are not slang, dialect, or jargon.
•
Are not based on personal information, such as the names of family members.
Characteristics of Weak Passwords
A weak password has the following characteristics:
•
Contains fewer than eight characters.
•
Is a word found in a dictionary (English or foreign)
•
Is any other term that is easily guessed or found in common usage. The following are examples of
terms that are easily guessed:
– The name of family, pet, friend, coworker, or fantasy character.
– A computing term or name, such as a command, site, company, model, or application.
– A birthday or another kind of personal information, such as an address or telephone number.
– A predictable letter pattern or number pattern, such as aaabbb, qwerty, zyxwvuts, or 123321.
– Any of the above spelled backwards.
– Any of the above preceded or followed by a digit.
Password Security Basics
Follow these basic guidelines when dealing with passwords:
•
Never reveal a password, even to family members.
•
Never talk about a password in front of others.
•
Never hint at the format of a password (such as “my family name”).
EAP-FAST for Windows Vista Administrator Guide
6-6
OL-16949-01
Chapter 6
Troubleshooting
Creating Strong Passwords
•
Never use characters from outside the standard ASCII character set. Some symbols, such the pound
sterling symbol (£), are known to cause login problems on some systems.
EAP-FAST for Windows Vista Administrator Guide
OL-16949-01
6-7
Chapter 6
Troubleshooting
Creating Strong Passwords
EAP-FAST for Windows Vista Administrator Guide
6-8
OL-16949-01
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising