Question Cannot connect Wifi Enterprise EAP/TLS with Xperia 10 III Android 12 Update July 2022 BN 62.1.A.0.617 - Sony Xperia 10 III

Hello,
I am trying to connect my smartphone Xperia 10 III Android 12 Update July 2022 BN 62.1.A.0.617
to Enterprise WIFI using certificates CORPORATE-WIFI-WPA_EAPIEEE8021X_TLS_NULL
with following setting pushed by azure intune :
Scep Cert policy to android:
Subject name format CN={{AAD_Device_ID}}
Subject alternative name User principal name (UPN) = {{AAD_Device_ID}}@domain.com
Certificate validity period 1 Years
Key usage Key encipherment, Digital signature
Key size (bits) 2048
Hash algorithm SHA-2
Root Certificate "YOUR ROOT CERT"
Extended key usage Client Authentication enter what you cert template says
Renewal threshold (%) 20
SCEP Server URLs "NDES URL"
WIFI Settings policy to android:
SSID "SSID"
Connect automatically Disable
Hidden network Disable
EAP type EAP - TLS
Radius server name "All Ise Nodes"
Root cert for server valid "Your Root Cert"
Authentication method Certificates
Certificates "Scep Cert From earlier"
Identity privacy anonymous this seems to be important
Unfortunately, Cisco ISE do not see my Smartphone MAC Addr and phone does not connect.
We investigated a lot of about this connection issue but do not find the root cause.
Re-enrolled my phone to Intune more than once, resync'ed mgmt policies,
reinstalled certificated, ... does not seem to help.
Also removed Norton 360 security just in case of but no change.
Any idea about the root cause or where the issue can be ?
Situation was the same with March 2022 Android 12 update
Thanks for your ideas
Th

If You using private MAC, You may try to disable it for this wifi connection.

Hello,
Thanks for reply. Gave a try with Device MAC or Randomized MAC but not change. Is this what you mean ?
Thanks
TH

Related

[Q] quick exchange question

Hey all!
I just got a new email account from my university and they provided me some settings/server info but unfortunately i am unable to get my evo setup as exchange below is the info I have.. any suggestions on what info i need to input for
Exchange Server Name:
exchange domain name:
ser-Agent: Mozilla/4.0 ‎(compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.2)‎
Outlook web application experience: Premium
User language: English ‎(United States)‎
User time zone: ‎(GMT-05:00)‎ Eastern Time ‎(US & Canada)‎
Exchange mailbox address: /o=ExchangeLabs/ou=Exchange Administrative Group ‎(FYDIBOHF23SPDLT)‎/cn=Recipients/cn=Rood, Robery
Host address: https://bl2prd0103.outlook.com/owa
Version: 14.0.650.49
Host name: bl2prd0103.outlook.com
Exchange Client Access server name: BL2PRD0103CA006.prod.exchangelabs.com
Exchange Client Access server .NET Framework version: 2.0.50727.4927
Client Access server operating system version: Microsoft Windows NT 6.1.7600.0
Client Access server operating system language: en-US
Client Access server version: 14.0.650.0
Client Access server language: en-US
Client Access server time zone: ‎(GMT)‎ Monrovia, Reykjavik
Client Access server platform: 64bit
Mailbox server name: BL2PRD0103MB073.prod.exchangelabs.com
Mailbox server Microsoft Exchange version: 14.0.650.0
Other Microsoft Exchange server roles currently installed on the Client Access server:
Authentication type associated with this Outlook web application session:
Public logon: No
External POP setting:
Server name: pod51000.outlook.com
Port: 995
Encryption method: SSL
External IMAP setting:
Server name: pod51000.outlook.com
Port: 993
Encryption method: SSL
External SMTP setting:
Server name: pod51000.outlook.com
Port: 587
Encryption method: TLS
try using pod51000.outlook.com as your mail server
on your university computers, what domain do you usually sign into?
you may need to authenticate as DOMAIN\username along with adding that mail server

[Q] DHCP Lease very short

Hi there
My IP adress keeps on changing on my Android (Cyanogen 6.1.1) Desire and so I keep on hopping between different IP addresses. The IP adress of the only other system on my network has not changed.
I would prefer not to use a static address but to understand and fix the cause of this. I have a laptop which does'nt hop around so frequently so
I think it must be related to a phone/Android setting but so far i've been unable to find out where this is configured.
My link speed is 54 Mbps so I have a good connection to my wireless router.
How can I fix this ? Perhaps I just need to install an extra application.
Elixir displays the lease in binary for some reason, 10101000110000000 (86400 base 10). 86400 seconds is a lease time of 1 day.
And this is confirmed on the OS itself.
Code:
# getprop dhcp.eth0.leasetime
86400
# dhcpcd --version
dhcpcd 4.0.15
Copyright (c) 2006-2008 Roy Marples
# pgrep -lf dhcpcd
1486 /system/bin/dhcpcd -ABKL -h android_dddddddddddddddd eth0
dhcpdcd options if they are the same on Android : http://roy.marples.name/cgi-bin/man-cgi?dhcpcd
-A, --noarp
Don't request or claim the address by ARP. This also disables
IPv4LL.
-B, --nobackground
Don't run in the background when we acquire a lease. This is
mainly useful for running under the control of another process,
such as a debugger or a network manager.
-K, --nolink
Don't receive link messages for carrier status. You should only
have to use this with buggy device drivers or running dhcpcd
through a network manager.
-L, --noipv4ll
Don't use IPv4LL (aka APIPA, aka Bonjour, aka ZeroConf).

[Q] OpenVPN browser tunneling

Hi,
I want use my browser to connect on my corporate intranet via VPN connection, but I'm not able to do it.
Someone can help me?
Some information:
I tried 2 way to confgure OpenVPN:
1) I've configured OpenVPN via openvpn-settings apps (using pre-created cert files located on <rootsdcard>/openvpn ).
The .ovpn config files sound like
port yyyy
dev tun
# dev-node ovpn
proto tcp-client
remote xxx1.xxxx.it yyyy
remote xxx2.xxxx.it yyyy
remote xxx3.xxxx.it jjj
remote xxx4.xxxx.it jjj
ping 30
persist-tun
persist-key
tls-client
ca xxx.ca.crt
cert xxx.aaaa.bbbb.crt
key xxx.aaaa.bbbb.key
ns-cert-type server
comp-lzo
pull
verb 5
I connect to VPN with no problems, and I can use for example ssh to connect on my corporate linux server.
2) I've created a VPN from Menu->Settings-> Wireless & network-> VPN settings -> add VPN-> add VPN OpenVPN
and set parameters according with previous .ovpn config file
I connect also to VPN with no problems, and I can use for example ssh to connect on my corporate linux server.
On both cases I'm not able to browse intranet. So I checked the IP address I go out with, pointing to h**p://m.showip.net/, and It display my provider IP, not assigned VPN IP!
It can be that VPN don't tunnel all traffic? Maybe I need to change the default gateway?
I'm confused
My OS is Cyanogenmod 7.1.0.1
My phone is HTC Wildfire (Buzz)

XS can't connect to 802.1x TLS wifi

Hi all, I have 4.1.1 XS phone that tried to be connected to Wifi network using below details:
EAP: TLS
Phase2: None
CA certificate: corporate certificate
User certificate: my personal certificate
Identity: my email
Anonymous identity: <blank>
Password: <blank>
But the wifi shows either Connecting or Authentication problem. Is there any solution for this?

[Q] (REQUEST) Have VPN working on the FTV

I am from Mexico and when I ordered the FTV I was planning on installing Hotspot Shield Elite to change my VPN to United States and access US Netflix, Pandora etc. The app does install and open but in order for the app to work it needs VPNdialogs.apk installed. I have attempted to install that app various ways but I have failed. I need a way to get VPN working properly. Any ideas?
What is VPN and how does it work?
Sent from my XT1033
KickStart49 said:
What is VPN and how does it work?
Sent from my XT1033
Click to expand...
Click to collapse
VPN is a service that your phone uses to mask or hide your IP Location by using their own servers to access the website. For example, if I am in China and have a USA VPN provider I can use USA Netflix etc bc Netflix thinks I'm in the United States. The app Hotspot Shield is a VPN provider that helps me do this on my android device. Now I installed this in the FTV and it requires more than that. Try it in your phone and you will see what I mean.
Oh sure. Will it help me get the access to the US playstore?
Sent from my XT1033
It should yes. Look it up as Hotspot Shield Elite apk on Google
Sent from my SPH-L600 using XDA Free mobile app
solorzano_felipe said:
It should yes. Look it up as Hotspot Shield Elite apk on Google
Sent from my SPH-L600 using XDA Free mobile app
Click to expand...
Click to collapse
Why VPN. Why not unotelly? that does the dns and can pick up things from around the world. As far as content on Amazon, its not restricted based on the IP you connect from. Its where your account is registered to and you can change that easily back and forth.
I didn't want to change from Hotspot Shield but I just did and Unotelly works perfectly, thanks.
Sent from my SPH-L600 using XDA
solorzano_felipe said:
VPN is a service that your phone uses to mask or hide your IP Location by using their own servers to access the website. For example, if I am in China and have a USA VPN provider I can use USA Netflix etc bc Netflix thinks I'm in the United States. The app Hotspot Shield is a VPN provider that helps me do this on my android device. Now I installed this in the FTV and it requires more than that. Try it in your phone and you will see what I mean.
Click to expand...
Click to collapse
I'm getting VPN API error from HotSpot Shield from my rooted AFTV. Any clue how to fix it?
Sent from my AFTB using Tapatalk
desztan said:
I'm getting VPN API error from HotSpot Shield from my rooted AFTV. Any clue how to fix it?
Sent from my AFTB using Tapatalk
Click to expand...
Click to collapse
I wasn't able to get VPN working on it, I use DNS provider like Unotelly or unblock-us and it works fine most of the time.
Sent from Samsung Galaxy Mega 6.3
solorzano_felipe said:
I wasn't able to get VPN working on it, I use DNS provider like Unotelly or unblock-us and it works fine most of the time.
Sent from Samsung Galaxy Mega 6.3
Click to expand...
Click to collapse
Is there anyway to get a VPN apk working?
Sent from my AFTB using Tapatalk
I try Hotspot Shield on my phone and it didn't work but I try hiddeninja and it works. when I sideload hiddeninja into AFTV it just exit the program when I click connect.
Sent from my SM-N915G using Tapatalk
desztan said:
I try Hotspot Shield on my phone and it didn't work but I try hiddeninja and it works. when I sideload hiddeninja into AFTV it just exit the program when I click connect.
Sent from my SM-N915G using Tapatalk
Click to expand...
Click to collapse
Hotspot Shield works great on my phone. I'll give Hidden Ninja a try and will report if it work.
Sent from Samsung Galaxy Mega 6.3
Was anyone able to go further with a VPN connection ?
I did the following :
db install -r ./de.schaeuffelhut.android.openvpn.installer.apk
adb install -r ./de.schaeuffelhut.android.openvpn.apk
In FireTV -> installed the application openvpn.installer first.
--> kept default location : /system/xbin
ifconfig opener : /system/xbin/busybox ifconfig
==> /system/xbin/openpvn installed as a result.
Created the following dir :
mkdir /sdcard/openvpn.
I copied the .ovpn from my VPN provider (Cyberghost).
I open it and extracted the client.cert client.key and ca.cert from it and created the corresponding text files.
So the .ovpn file now looks like :
Code:
client
remote us-ipeb-openvpn.cyberghostvpn.com 443
dev tun
proto udp
auth-user-pass
resolv-retry infinite
redirect-gateway def1
persist-key
persist-tun
nobind
cipher AES-256-CBC
auth MD5
ping 5
ping-exit 60
ping-timer-rem
explicit-exit-notify 2
script-security 2
remote-cert-tls server
route-delay 5
tun-mtu 1500
fragment 1300
mssfix 1300
verb 4
comp-lzo
ca /sdcard/openvpn/ca.crt
cert /sdcard/openvpn/client.crt
key /sdcard/openvpn/client.key
From my PC, I run adb logcat when trying to use the VPN connection and I keep getting this :
Code:
D/OpenVPNDaemonEnabler(23407): Received OpenVPN network state changed from Wait to Auth
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-mgmt(23407): onState(">STATE:1421363388,RECONNECTING,tls-error,,")
D/OpenVPN-Settings-getprop(23407): invoking external process: /system/bin/sh
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 VERIFY OK: depth=1, /C=DE/O=CyberGhost_VPN/OU=CyberGhost/CN=CyberGhost
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 VERIFY ERROR: depth=0, error=certificate signature failure: /C=RO/ST=RO/L=Bucharest/O=CyberGhost_VPN/OU=CyberGhost/CN=CyberGhost/name=CyberGhost_VPN/[email protected]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 TLS Error: TLS object -> incoming plaintext read error
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 TLS Error: TLS handshake failed
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 TCP/UDP: Closing socket
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 SIGUSR1[soft,tls-error] received, process restarting
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 MANAGEMENT: >STATE:1421363388,RECONNECTING,tls-error,,
I did get the certificate today from cyberghost, so the validity is fine :
Validity
Not Before: Jan 15 21:44:37 2015 GMT
Not After : Jan 12 21:44:37 2025 GMT
Any suggestion is welcome !
Securitykiss vpn worked fine for me on rooted fire tv what I found weird is that not every vpn provider works. Securitykiss has 500 mb free a day so you can try it.
Sent from my SM-N910V using Tapatalk
Astrolabe said:
Was anyone able to go further with a VPN connection ?
I did the following :
db install -r ./de.schaeuffelhut.android.openvpn.installer.apk
adb install -r ./de.schaeuffelhut.android.openvpn.apk
In FireTV -> installed the application openvpn.installer first.
--> kept default location : /system/xbin
ifconfig opener : /system/xbin/busybox ifconfig
==> /system/xbin/openpvn installed as a result.
Created the following dir :
mkdir /sdcard/openvpn.
I copied the .ovpn from my VPN provider (Cyberghost).
I open it and extracted the client.cert client.key and ca.cert from it and created the corresponding text files.
So the .ovpn file now looks like :
Code:
client
remote us-ipeb-openvpn.cyberghostvpn.com 443
dev tun
proto udp
auth-user-pass
resolv-retry infinite
redirect-gateway def1
persist-key
persist-tun
nobind
cipher AES-256-CBC
auth MD5
ping 5
ping-exit 60
ping-timer-rem
explicit-exit-notify 2
script-security 2
remote-cert-tls server
route-delay 5
tun-mtu 1500
fragment 1300
mssfix 1300
verb 4
comp-lzo
ca /sdcard/openvpn/ca.crt
cert /sdcard/openvpn/client.crt
key /sdcard/openvpn/client.key
From my PC, I run adb logcat when trying to use the VPN connection and I keep getting this :
Code:
D/OpenVPNDaemonEnabler(23407): Received OpenVPN network state changed from Wait to Auth
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-mgmt(23407): onState(">STATE:1421363388,RECONNECTING,tls-error,,")
D/OpenVPN-Settings-getprop(23407): invoking external process: /system/bin/sh
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 VERIFY OK: depth=1, /C=DE/O=CyberGhost_VPN/OU=CyberGhost/CN=CyberGhost
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 VERIFY ERROR: depth=0, error=certificate signature failure: /C=RO/ST=RO/L=Bucharest/O=CyberGhost_VPN/OU=CyberGhost/CN=CyberGhost/name=CyberGhost_VPN/[email protected]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 TLS Error: TLS object -> incoming plaintext read error
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 TLS Error: TLS handshake failed
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 TCP/UDP: Closing socket
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 SIGUSR1[soft,tls-error] received, process restarting
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/cbg_USA_noCTRLM_UDP.ovpn]-daemon-stdout(23407): Thu Jan 15 15:09:48 2015 MANAGEMENT: >STATE:1421363388,RECONNECTING,tls-error,,
I did get the certificate today from cyberghost, so the validity is fine :
Validity
Not Before: Jan 15 21:44:37 2015 GMT
Not After : Jan 12 21:44:37 2025 GMT
Any suggestion is welcome !
Click to expand...
Click to collapse
Would like to find a answer for either CyberGhost of PIA but I think the only way to figure this is thru their live or email support department... Can you try to get a hold of CyberGhost live support to see if they help fix this ??
I use droidvpn and it works prefect on my fire tv.
hi all, and there are no FREE Vpn APK work on amazon fire tv?
Anyone try hola ?
Sent from this Oneplus "BOS" One!!!
Too much effort to get VPN running directly on the fire tV. Just get a SmartDNS/VPN enabled router and set it up that way.
DIR-615 router, with DD-WRT, £10. Problem solved.
you can also try hola vpn from app store. it is free and has integration of netfix to make region free.

Categories

Resources