Alot of Failed connection attempts.

Hi,

 

In my setup i run a Sophos UTM v9.413-3 and i have two AP's connected to it, one AP55C and one AP30. This was working just fine for a long time, but recently i noticed my wifi connection in was getting worse, so i looked at the logging and i noticed that since december 2016 i started to get alot of failed connection attempts.

this is how it daily looks now.

This is the yearly one, where you can see it started out of the blue in december.

I do see these log messages, but im not sure if they have anything to do with it.

2017:05:09-20:23:15 ding awed[4969]: [MASTER] start processing configuration change
2017:05:09-20:23:16 ding awed[4969]: [MASTER] end processing configuration change
2017:05:09-20:27:54 A4002FE206C4AE1 hostapd: wlan0: STA 00:40:9d:8e:df:1f WPA: group key handshake completed (RSN)
2017:05:09-20:28:02 A4002FE206C4AE1 hostapd: wlan9: STA f4:5c:89:87:36:e1 WPA: group key handshake completed (RSN)
2017:05:09-20:28:05 A4002FE206C4AE1 awelogger[14396]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="BreakingBad" ssid_id="WLAN1.1" bssid="00:1a:8c:8d:37:54" sta="10:41:7f:56:4b:0a" reason_code="2"
2017:05:09-20:28:05 A4002FE206C4AE1 awelogger[14396]: id="4102" severity="info" sys="System" sub="WiFi" name="STA disconnected" ssid="BreakingBad" ssid_id="WLAN1.1" bssid="00:1a:8c:8d:37:54" sta="10:41:7f:56:4b:0a"
2017:05:09-20:28:10 A4002FE206C4AE1 hostapd: wlan9: STA 10:41:7f:56:4b:0a IEEE 802.11: deauthenticated due to local deauth request
2017:05:09-20:28:32 A4002FE206C4AE1 hostapd: wlan9: STA 10:41:7f:56:4b:0a IEEE 802.11: authenticated
2017:05:09-20:28:32 A4002FE206C4AE1 hostapd: wlan9: STA 10:41:7f:56:4b:0a IEEE 802.11: associated (aid 1)
2017:05:09-20:28:32 A4002FE206C4AE1 hostapd: wlan9: STA 10:41:7f:56:4b:0a WPA: pairwise key handshake completed (RSN)
2017:05:09-20:28:32 A4002FE206C4AE1 awelogger[14396]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="BreakingBad" ssid_id="WLAN1.1" bssid="00:1a:8c:8d:37:54" sta="10:41:7f:56:4b:0a" status_code="0"
2017:05:09-20:28:32 A4002FE206C4AE1 awelogger[14396]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="BreakingBad" ssid_id="WLAN1.1" bssid="00:1a:8c:8d:37:54" sta="10:41:7f:56:4b:0a" status_code="0"
2017:05:09-20:28:32 A4002FE206C4AE1 awelogger[14396]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="BreakingBad" ssid_id="WLAN1.1" bssid="00:1a:8c:8d:37:54" sta="10:41:7f:56:4b:0a"
 
Anyone able to help me out troubleshoot this?
 
Thanks.
  • In reply to Tobi_K:

    Couple days agoo i decided to make a testcase for myself. As i am pretty sure that with older versions of UTM there were no problems with the WIFI at all. 

    I installed a 2nd firewall with UTM 9.351-3 (to be exact). I changed my network so all AP's connected to that firewall and so far (we are almost 3 days further) 0 failed connection attempts!

     

    So i guess something changed in later versions (i am not sure from which version, but my guess would be that it happend somewhere after june 2016), maybe someone can help find out which versions where running around that time.

     

    Regards,

    Peter

  • Hello together,

     

    at first I´d like thank for the good post´s and the knowledge sharing her in this community.

    even if it´s a few days ago, we still experiencing these problems too. We are using AP55/AP55C/AP100X APs for our forklift trucks.

    After struggeling arround with some client related roaming problems it´s working ok now. The last problem left are the WPA failures.

    After I changed AES Security to AES&TKIP and run only one SSID (instead of three) and changed the GHz Band to 2,4 only) the connection failures are getting less. 

    But that can´t be the last solution.... Is there anything heard from Sophos concerning this Problem? Or any other hints, how to solve this problems?

     

    Cheers

     

    Sebastian

  • In reply to Sebastian K:

    Hi all,

    I´ve found a solution which fixed this failure for me.

    I´m running UTM 9.603-1 and got many of these log entries:

    2019:07:10-07:05:41 A4002F7D5D63BAF hostapd: wlan8: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: STA identity 'host/PCNAME.Domain.de'

    2019:07:10-07:05:42 A4002F7D5D63BAF hostapd: wlan8: STA xx:xx:xx:xx:xx:xx WPA: WPA IE from (Re)AssocReq did not match with msg 2/4

    2019:07:10-07:05:42 A4002F7D5D63BAF awelogger[680]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="MCTLG" ssid_id="WLAN0.1" bssid="xx:xx:xx:xx:xx:xx" sta="xx:xx:xx:xx:xx:xx" reason_code="2"

    Some Win 10 clients could connect and others (same hard and software could not).

     

    The Solution to was to disable “Fast transition”. After this all clients are able to connect.

    I assume this is a bug.

  • In reply to michael.k:

    Excellent work, Michael!  Others note that the "Fast transition" selection is made in 'Advanced' in the Wireless Network definition.

    Cheers - Bob