<HTML dir=ltr><HEAD>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.6000.16608" name=GENERATOR></HEAD>
<BODY>
<DIV id=idOWAReplyText53478 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Hi,</FONT></DIV>
<DIV dir=ltr>
<DIV><FONT face=Arial size=2>I am working with the EAP-FAST with the Cisco Server AP.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>But I got the following debug msg from the Cisco Server. And it said there is invalid tunnel MIC.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV><FONT face=Arial size=2>
<P>**********************************************************************************************************<BR>*Mar 8 06:02:30.107: RADSRV EAP-FAST: Add teap client 0011.d605.2cdc<BR>*Mar 8 06:02:30.107: RADSRV EAP-FAST: Sending TEAP start<BR>*Mar 8 06:02:30.253: RADSRV EAP-FAST: verify client_hello<BR>*Mar 8 06:02:30.253: RADSRV EAP-FAST: PAC to be provisioned, parsed 49, length<BR>49</P>
<P>*Mar 8 06:02:30.253: RADSRV EAP-FAST: Build (provision) Server Hello, 0011.d605<BR>.2cdc<BR>*Mar 8 06:02:30.254: RADSRV EAP-FAST: Calculting DH Server public.. 0011.d605.2<BR>cdc<BR>*Mar 8 06:02:30.466: RADSRV EAP-FAST: DH public number generation failed<BR>*Mar 8 06:02:30.466: RADSRV EAP-FAST: Sending Server Hello, 0011.d605.2cdc<BR>*Mar 8 06:02:41.137: RADSRV EAP-FAST: verify client_finished, 0011.d605.2cdc<BR>*Mar 8 06:02:41.137: RADSRV EAP-FAST: Calculting premaster secret..<BR>*Mar 8 06:02:41.405: RADSRV EAP-FAST: Calculating Master secret...<BR>*Mar 8 06:02:41.408: RADSRV EAP-FAST: tunnel Decrypt pak (size 48):<BR>*Mar 8 06:02:41.408: Data out<BR>00DAA450: 59C9D621 YIV!<BR>00DAA460: CCF5E055 050EB6CB B37CF708 D97A0DB5 Lu`U..6K3|w.Yz.5<BR>00DAA470: C6D7FF1C 65B2A7FB 6A8D2F7A CEC3BB13 FW..e2'{j./zNC;.<BR>00DAA480: 16D843E6 46E37722 E3B7C3EF .XCfFcw"c7Co<BR>*Mar 8 06:02:41.409: RADSRV EAP-FAST: invalid tunnel MIC<BR>*Mar 8 06:02:41.409: RADSRV EAP-FAST: sending alert level 2, desc 0<BR>*Mar 8 06:02:56.409: RADSRV EAP-FAST: Timer expired, teap client 0011.d605.2cd<BR>c<BR>*Mar 8 06:02:56.409: RADSRV EAP-FAST: Delete teap client 0011.d605.2cdc</P>
<P>*****************************************************************************************************</P>
<P>In addition I got the following debug msg from the supplicant program:</P>
<P></FONT><FONT face=Arial size=2>6.0660: TLSv1: Send ClientKeyExchange<BR>6.0660: TLSv1: DH client's secret value - hexdump(len=256): [REMOVED]<BR>15.0400: TLSv1: DH Yc (client's public value) - hexdump(len=256): [REMOVED]<BR>16.0990: TLSv1: Shared secret from DH key exchange - hexdump(len=0): [REMOVED]<BR>16.0990: TLSv1: pre_master_secret - hexdump(len=0): [REMOVED]</FONT></P>
<DIV><FONT face=Arial size=2>I found that the Shared secret from DH key exchange has 0 length.</FONT></DIV>
<DIV><FONT face=Arial size=2>This is very abnormal!</FONT></DIV>
<DIV><FONT face=Arial size=2>Does anyone know the reason or any hints for this issue???</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Please advise!!!</FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Jack</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></DIV></BODY></HTML>