thhevoka

Q: iPAD WiFi with enterprise WPA2 EAP-FAST stops working after upgrade to IOS8

iPAD Mini Retina fails to join WiFi network after the upgrade to IOS8.0.

 

Before on the latest IOS7 it was still working, and other devices with the same configuration, which were not upgraded happily connect.

 

The network has a hidden SSID, and is configured as an Enterprise WPA2 protected network. It is configured for EAP-FAST.

The configuration profile provisions:

the SSID as a hidden network with auto connect.

enterprise WPA2

EAP-FAST with "use PAC", "provision PAC" and "provision PAC anon" ticked

username

password

 

This profile works fine with IOS6 and IOS7 devices, and worked on this iPAD before the upgrade to IOS8.

 

Joining an other network with personal WPA2 works.

 

Anyone an idea, what has changed in IOS8.

 

Kind regards

Thomas

iPad (3rd gen) Wi-Fi + Cellular, iOS 8

Posted on Sep 19, 2014 6:55 AM

Close

Q: iPAD WiFi with enterprise WPA2 EAP-FAST stops working after upgrade to IOS8

  • All replies
  • Helpful answers

  • by sterling r,

    sterling r sterling r Sep 22, 2014 7:07 AM in response to thhevoka
    Community Specialists
    Sep 22, 2014 7:07 AM in response to thhevoka

    Hey there thhevoka,

     

    It sounds like just this one iPad has an issue with connecting to this network after the iOS 8 update. I would use the troubleshooting in the following article to help get that resolved, named:

     

    iOS: Troubleshooting Wi-Fi networks and connections

     

     

    1. Tap Settings > Wi-Fi and turn Wi-Fi off and on. If your Wi-Fi setting is dimmed, follow these steps.
    2. Restart your iOS device.
    3. Tap Settings > Wi-Fi and locate the Wi-Fi network to which you're connected.
    4. Tap  and Forget this Network.
    5. Try to connect to your desired Wi-Fi network. 
      Note: You may need to enter your Wi-Fi password again if your network requires one.
    6. Turn your Wi-Fi router off and on2. If your ISP also provides cable or phone service, check with them before attempting this step to avoid interruption of service.
    7. Update your Wi-Fi router to the latest firmware2. For AirPort Base Stations, install updates using the AirPort Utility.
    1. Reset network settings by tapping Settings > General > Reset > Reset Network SettingsNote: This will reset all network settings including:
      • previously connected Wi-Fi networks and passwords
      • recently used Bluetooth accessories
      • VPN and APN settings

     

    Thank you for using Apple Support Communities.

    All the very best,

    Sterling

  • by thhevoka,

    thhevoka thhevoka Sep 22, 2014 11:49 AM in response to sterling r
    Level 1 (0 points)
    Sep 22, 2014 11:49 AM in response to sterling r

    Hi Sterling,

     

    thank you very much for your reply, but I am afraid, this is not going to help. I get the impression, my description is probably not precise enough, so I will explain a bit more:

     

    Yes it is only this one iPAD, as I only upgraded this one device to IOS8 before I rollout this new OS for production to all other devices.

    The network, which I can not join is not a "personal WPA2" protected network as found on SOHO access points, but rather an enterprise device providing enterprise grade services. The respective SSID is protected with "enterprise WPA2" with an authentication scheme "EAP-FAST".

    These configuration of this network is not done via the normal user interface of the iPAD or iPhone but rather with signed configuration profiles installed on the respective devices.

    This mechanism worked perfectly for IOS6 and IOS7, and still works for all IOS6 and IOS7 devices, and it also worked for this particular iPAD before hte upgrade.

    Now, when I tested the network connectivity after the upgrade to IOS8 it does not work any more. I tried removing the respective profile and re-applying this profile again but this network can not be joined with the IOS8 device.

     

    Using this same iPAD with "personal WPA2" protected network (e.g. at home) it has connectivity. So the problem seems to be some different behavior in the handling of this enterprise authentication modes in IOS8.

     

    Kind regards

    Thomas

  • by dgfair,

    dgfair dgfair Sep 23, 2014 5:39 AM in response to thhevoka
    Level 1 (0 points)
    Sep 23, 2014 5:39 AM in response to thhevoka

    I have the same issue. I have two devices, one on IOS7 and one on IOS8, both using the same wifi profile. The IOS7 device connects without any issues, but the IOS8 device cannot join the wifi.

  • by johnf_NCC,

    johnf_NCC johnf_NCC Sep 30, 2014 7:37 AM in response to thhevoka
    Level 1 (0 points)
    Sep 30, 2014 7:37 AM in response to thhevoka

    Hi,

     

    Sorry, this doesn't help you but I'm seeing the exact same issue and had to stop users upgrading to iOS8 because of this. We use EAP-FAST in our enterprise deployment of over 450 iPads. iOS6 and iOS7 have never been a problem. Even without MDM control they will connect to the Wi-Fi infrastructure without problem.

     

    Fortunately we had the opportunity to briefly test iOS8 before it was on general release and managed to prevent our users from upgrading.

     

    It has resisted all attempts to fix. We can apply the same WiFi profile to an iOS7 device as an iOS8 device and specify EAP-FAST with the exact same settings you mention. iOS7 connects just fine, but iOS8 will not. Our Cisco ACS reports: "EAP-TLS or PEAP authentication failed during SSL handshake" All out laptops are set to use EAP-FAST too and have historically been fine.

     

    I can't believe this is an isolated case.

  • by Matt@SH,

    Matt@SH Matt@SH Oct 7, 2014 12:48 PM in response to johnf_NCC
    Level 1 (0 points)
    Oct 7, 2014 12:48 PM in response to johnf_NCC

    FYI, it should be resolved very soon.  I highly recommend engaging Apple support.

  • by thhevoka,

    thhevoka thhevoka Oct 7, 2014 2:21 PM in response to Matt@SH
    Level 1 (0 points)
    Oct 7, 2014 2:21 PM in response to Matt@SH

    Well - they wouldn't help much either ... "ask your ... " network administrator / cisco / enterprise support

  • by WTX_USMC,

    WTX_USMC WTX_USMC Apr 17, 2015 8:25 AM in response to thhevoka
    Level 1 (0 points)
    Apr 17, 2015 8:25 AM in response to thhevoka

    I had the same issue on my iPhone and found the following to be the solution. I downloaded iPhone Configuration Utility from the internet and loaded it on my personal PC. My personal MAC Version was OS X 10.9.5. I created a EAP-FAST profile from the video below on how to use the config tool. Once this profile was installed on my phone, it was tested with my Cisco WCL being the AS (Local Authentication Server) on WLC version 7.6 and IPhone IOS version 8.3. BE AWARE in the beginning of the install for utility tool, yahoo and other ad software will be installed unless you decline it. Once my profile which was created on my authentication server matched the one I made on the configuration tool, I was able to attain access to the network.

     

      Example on how to use config tool: https://www.youtube.com/watch?v=YIxG4OEfwtY (EAP-FAST at 3:15 of video)