Realm: clch.nhs.uk Full
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 3.55 ms
- Last State Change
- Fri Mar 21 13:43:01 2025
- Last Check
- Mon Mar 24 03:52:51 2025
- Next Check
- Mon Mar 24 04:02:51 2025
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Fri Mar 21 13:46:10 2025
- Last Check
- Mon Mar 24 03:46:08 2025
- Next Check
- Mon Mar 24 03:56:08 2025
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Sun Mar 23 09:40:59 2025
- Last Check
- Mon Mar 24 03:50:57 2025
- Next Check
- Mon Mar 24 04:00:57 2025
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Fri Mar 21 13:42:59 2025
- Last Check
- Mon Mar 24 03:52:57 2025
- Next Check
- Mon Mar 24 04:02:57 2025
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Fri Mar 21 13:43:19 2025
- Last Check
- Mon Mar 24 03:51:18 2025
- Next Check
- Mon Mar 24 04:01:18 2025
Sites
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/Sites/ riverside.nhs.uk
Misconfigured Site IdP
/
Misconfigured ORPS proxy
/
Misconfigured RRPS proxy
/
Certificate Configuration
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- CRITICAL: Not a URL in CRLDP
- Last State Change
- Fri Mar 21 13:43:20 2025
- Last Check
- Mon Mar 24 03:51:09 2025
- Next Check
- Mon Mar 24 04:01:09 2025
- Meaning:
-
There are a number of critical failures;
- Subject Alt Name: The SAN should contain the hostname in the CN.
- CRLDP: This should be present and contain a valid URL
- Solution:
- Reconfigure the server certificate with the correct attributes.
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Fri Mar 21 13:44:02 2025
- Last Check
- Mon Mar 24 03:51:57 2025
- Next Check
- Mon Mar 24 04:01:57 2025
- Meaning:
- No response was sent to the authentication request. The impact of this can be quite serious. The NRPS will mark this server as down for five minutes when it doesn't receive a response within 30s. If this is an RRPS for a Federation then that could knock out the service for all encompassed sites. So it's important for all RRPS and ORPS to always respond to an auth request.
- Solution:
- Reponses must be sent to all EAP requests.
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Fri Mar 21 13:43:18 2025
- Last Check
- Mon Mar 24 03:51:14 2025
- Next Check
- Mon Mar 24 04:01:14 2025
- Meaning:
- An authentication attempt was made using supplied credentials that should have been proxied to the appropriate site but there was no response. It's part of the Tech Spec that all proxied requests MUST receive a response. There are be serious consequences if sites silently drop authentication requests: RADIUS servers will mark servers down that fail to respond, ultimately disabling the entire site.
- Solution:
- Ensure that there is a working proxy path from your RRPS through to the appropriate site's IdP and that the IdP always responds to an authentication attempt.
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 3.97 ms
- Last State Change
- Fri Mar 21 13:47:36 2025
- Last Check
- Mon Mar 24 03:47:26 2025
- Next Check
- Mon Mar 24 03:57:26 2025
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Fri Mar 21 13:46:39 2025
- Last Check
- Mon Mar 24 03:46:38 2025
- Next Check
- Mon Mar 24 03:56:37 2025
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Sun Mar 23 09:36:06 2025
- Last Check
- Mon Mar 24 03:46:04 2025
- Next Check
- Mon Mar 24 03:56:04 2025
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Fri Mar 21 13:45:14 2025
- Last Check
- Mon Mar 24 03:45:13 2025
- Next Check
- Mon Mar 24 03:55:13 2025
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Fri Mar 21 13:46:13 2025
- Last Check
- Mon Mar 24 03:44:12 2025
- Next Check
- Mon Mar 24 03:54:12 2025
Sites
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/Sites/ riverside.nhs.uk
Misconfigured Site IdP
/
Misconfigured ORPS proxy
/
Misconfigured RRPS proxy
/
Certificate Configuration
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- CRITICAL: Not a URL in CRLDP
- Last State Change
- Fri Mar 21 13:46:12 2025
- Last Check
- Mon Mar 24 03:44:01 2025
- Next Check
- Mon Mar 24 03:54:01 2025
- Meaning:
-
There are a number of critical failures;
- Subject Alt Name: The SAN should contain the hostname in the CN.
- CRLDP: This should be present and contain a valid URL
- Solution:
- Reconfigure the server certificate with the correct attributes.
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Fri Mar 21 13:48:32 2025
- Last Check
- Mon Mar 24 03:46:27 2025
- Next Check
- Mon Mar 24 03:56:27 2025
- Meaning:
- No response was sent to the authentication request. The impact of this can be quite serious. The NRPS will mark this server as down for five minutes when it doesn't receive a response within 30s. If this is an RRPS for a Federation then that could knock out the service for all encompassed sites. So it's important for all RRPS and ORPS to always respond to an auth request.
- Solution:
- Reponses must be sent to all EAP requests.
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Fri Mar 21 13:45:59 2025
- Last Check
- Mon Mar 24 03:43:54 2025
- Next Check
- Mon Mar 24 03:53:54 2025
- Meaning:
- An authentication attempt was made using supplied credentials that should have been proxied to the appropriate site but there was no response. It's part of the Tech Spec that all proxied requests MUST receive a response. There are be serious consequences if sites silently drop authentication requests: RADIUS servers will mark servers down that fail to respond, ultimately disabling the entire site.
- Solution:
- Ensure that there is a working proxy path from your RRPS through to the appropriate site's IdP and that the IdP always responds to an authentication attempt.
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 8.81 ms
- Last State Change
- Fri Mar 21 13:47:45 2025
- Last Check
- Mon Mar 24 03:47:35 2025
- Next Check
- Mon Mar 24 03:57:35 2025
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Fri Mar 21 13:46:38 2025
- Last Check
- Mon Mar 24 03:46:36 2025
- Next Check
- Mon Mar 24 03:56:36 2025
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Sun Mar 23 09:44:20 2025
- Last Check
- Mon Mar 24 03:44:18 2025
- Next Check
- Mon Mar 24 03:54:18 2025
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Fri Mar 21 13:45:33 2025
- Last Check
- Mon Mar 24 03:45:32 2025
- Next Check
- Mon Mar 24 03:55:32 2025
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Fri Mar 21 13:49:10 2025
- Last Check
- Mon Mar 24 03:47:08 2025
- Next Check
- Mon Mar 24 03:57:08 2025
Sites
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/Sites/ riverside.nhs.uk
Misconfigured Site IdP
/
Misconfigured ORPS proxy
/
Misconfigured RRPS proxy
/
Certificate Configuration
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- CRITICAL: Not a URL in CRLDP
- Last State Change
- Fri Mar 21 13:48:46 2025
- Last Check
- Mon Mar 24 03:46:34 2025
- Next Check
- Mon Mar 24 03:56:34 2025
- Meaning:
-
There are a number of critical failures;
- Subject Alt Name: The SAN should contain the hostname in the CN.
- CRLDP: This should be present and contain a valid URL
- Solution:
- Reconfigure the server certificate with the correct attributes.
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Fri Mar 21 13:44:41 2025
- Last Check
- Mon Mar 24 03:52:36 2025
- Next Check
- Mon Mar 24 04:02:36 2025
- Meaning:
- No response was sent to the authentication request. The impact of this can be quite serious. The NRPS will mark this server as down for five minutes when it doesn't receive a response within 30s. If this is an RRPS for a Federation then that could knock out the service for all encompassed sites. So it's important for all RRPS and ORPS to always respond to an auth request.
- Solution:
- Reponses must be sent to all EAP requests.
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Fri Mar 21 13:48:43 2025
- Last Check
- Mon Mar 24 03:46:38 2025
- Next Check
- Mon Mar 24 03:56:38 2025
- Meaning:
- An authentication attempt was made using supplied credentials that should have been proxied to the appropriate site but there was no response. It's part of the Tech Spec that all proxied requests MUST receive a response. There are be serious consequences if sites silently drop authentication requests: RADIUS servers will mark servers down that fail to respond, ultimately disabling the entire site.
- Solution:
- Ensure that there is a working proxy path from your RRPS through to the appropriate site's IdP and that the IdP always responds to an authentication attempt.
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 8.60 ms
- Last State Change
- Fri Mar 21 13:48:20 2025
- Last Check
- Mon Mar 24 03:48:11 2025
- Next Check
- Mon Mar 24 03:58:10 2025
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Fri Mar 21 13:47:34 2025
- Last Check
- Mon Mar 24 03:47:33 2025
- Next Check
- Mon Mar 24 03:57:33 2025
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Sun Mar 23 09:36:33 2025
- Last Check
- Mon Mar 24 03:46:31 2025
- Next Check
- Mon Mar 24 03:56:31 2025
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Fri Mar 21 13:46:27 2025
- Last Check
- Mon Mar 24 03:46:27 2025
- Next Check
- Mon Mar 24 03:56:26 2025
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Fri Mar 21 13:48:41 2025
- Last Check
- Mon Mar 24 03:46:39 2025
- Next Check
- Mon Mar 24 03:56:39 2025
Sites
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/Sites/ riverside.nhs.uk
Misconfigured Site IdP
/
Misconfigured ORPS proxy
/
Misconfigured RRPS proxy
/
Certificate Configuration
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- CRITICAL: Not a URL in CRLDP
- Last State Change
- Fri Mar 21 13:46:16 2025
- Last Check
- Mon Mar 24 03:44:06 2025
- Next Check
- Mon Mar 24 03:54:05 2025
- Meaning:
-
There are a number of critical failures;
- Subject Alt Name: The SAN should contain the hostname in the CN.
- CRLDP: This should be present and contain a valid URL
- Solution:
- Reconfigure the server certificate with the correct attributes.
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Fri Mar 21 13:47:15 2025
- Last Check
- Mon Mar 24 03:45:11 2025
- Next Check
- Mon Mar 24 03:55:11 2025
- Meaning:
- No response was sent to the authentication request. The impact of this can be quite serious. The NRPS will mark this server as down for five minutes when it doesn't receive a response within 30s. If this is an RRPS for a Federation then that could knock out the service for all encompassed sites. So it's important for all RRPS and ORPS to always respond to an auth request.
- Solution:
- Reponses must be sent to all EAP requests.
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Fri Mar 21 13:49:48 2025
- Last Check
- Mon Mar 24 03:47:43 2025
- Next Check
- Mon Mar 24 03:57:43 2025
- Meaning:
- An authentication attempt was made using supplied credentials that should have been proxied to the appropriate site but there was no response. It's part of the Tech Spec that all proxied requests MUST receive a response. There are be serious consequences if sites silently drop authentication requests: RADIUS servers will mark servers down that fail to respond, ultimately disabling the entire site.
- Solution:
- Ensure that there is a working proxy path from your RRPS through to the appropriate site's IdP and that the IdP always responds to an authentication attempt.
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 5.88 ms
- Last State Change
- Fri Mar 21 13:44:50 2025
- Last Check
- Mon Mar 24 03:44:41 2025
- Next Check
- Mon Mar 24 03:54:40 2025
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Fri Mar 21 13:46:58 2025
- Last Check
- Mon Mar 24 03:46:56 2025
- Next Check
- Mon Mar 24 03:56:56 2025
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Fri Mar 21 13:44:37 2025
- Last Check
- Mon Mar 24 03:44:37 2025
- Next Check
- Mon Mar 24 03:54:36 2025
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Fri Mar 21 13:47:14 2025
- Last Check
- Mon Mar 24 03:47:12 2025
- Next Check
- Mon Mar 24 03:57:12 2025
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Fri Mar 21 13:45:20 2025
- Last Check
- Mon Mar 24 03:43:19 2025
- Next Check
- Mon Mar 24 03:53:19 2025
Sites
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Mon Mar 24 03:43:43 2025
- Last Check
- Mon Mar 24 03:43:42 2025
- Next Check
- Mon Mar 24 03:53:42 2025
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code (Access-Reject) does not match expected (Access-Accept)
- Last State Change
- Sun Mar 23 12:14:41 2025
- Last Check
- Mon Mar 24 03:44:40 2025
- Next Check
- Mon Mar 24 03:54:39 2025
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code (Access-Reject) does not match expected (Access-Accept)
- Last State Change
- Fri Mar 21 15:35:17 2025
- Last Check
- Mon Mar 24 03:45:14 2025
- Next Check
- Mon Mar 24 03:55:14 2025
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 6.32 ms
- Last State Change
- Fri Mar 21 13:45:58 2025
- Last Check
- Mon Mar 24 03:45:48 2025
- Next Check
- Mon Mar 24 03:55:48 2025
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Fri Mar 21 13:47:26 2025
- Last Check
- Mon Mar 24 03:47:24 2025
- Next Check
- Mon Mar 24 03:57:24 2025
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Fri Mar 21 13:46:41 2025
- Last Check
- Mon Mar 24 03:46:40 2025
- Next Check
- Mon Mar 24 03:56:39 2025
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Fri Mar 21 13:48:09 2025
- Last Check
- Mon Mar 24 03:48:08 2025
- Next Check
- Mon Mar 24 03:58:08 2025
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Fri Mar 21 13:46:45 2025
- Last Check
- Mon Mar 24 03:44:43 2025
- Next Check
- Mon Mar 24 03:54:43 2025
Sites
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Mon Mar 24 03:44:31 2025
- Last Check
- Mon Mar 24 03:44:30 2025
- Next Check
- Mon Mar 24 03:54:30 2025
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code (Access-Reject) does not match expected (Access-Accept)
- Last State Change
- Fri Mar 21 13:45:00 2025
- Last Check
- Mon Mar 24 03:52:59 2025
- Next Check
- Mon Mar 24 04:02:59 2025
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code (Access-Reject) does not match expected (Access-Accept)
- Last State Change
- Fri Mar 21 13:44:54 2025
- Last Check
- Mon Mar 24 03:52:52 2025
- Next Check
- Mon Mar 24 04:02:52 2025
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 11.02 ms
- Last State Change
- Fri Mar 21 13:46:16 2025
- Last Check
- Mon Mar 24 03:46:07 2025
- Next Check
- Mon Mar 24 03:56:06 2025
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Fri Mar 21 13:44:40 2025
- Last Check
- Mon Mar 24 03:44:37 2025
- Next Check
- Mon Mar 24 03:54:37 2025
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Fri Mar 21 13:44:37 2025
- Last Check
- Mon Mar 24 03:44:35 2025
- Next Check
- Mon Mar 24 03:54:35 2025
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Fri Mar 21 13:49:53 2025
- Last Check
- Mon Mar 24 03:49:53 2025
- Next Check
- Mon Mar 24 03:59:51 2025
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Fri Mar 21 13:47:25 2025
- Last Check
- Mon Mar 24 03:45:23 2025
- Next Check
- Mon Mar 24 03:55:23 2025
Sites
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Mon Mar 24 03:36:24 2025
- Last Check
- Mon Mar 24 03:46:23 2025
- Next Check
- Mon Mar 24 03:56:23 2025
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code (Access-Reject) does not match expected (Access-Accept)
- Last State Change
- Fri Mar 21 13:46:29 2025
- Last Check
- Mon Mar 24 03:44:26 2025
- Next Check
- Mon Mar 24 03:54:26 2025
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code (Access-Reject) does not match expected (Access-Accept)
- Last State Change
- Fri Mar 21 14:33:30 2025
- Last Check
- Mon Mar 24 03:43:28 2025
- Next Check
- Mon Mar 24 03:53:28 2025
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 10.97 ms
- Last State Change
- Fri Mar 21 13:49:29 2025
- Last Check
- Mon Mar 24 03:49:18 2025
- Next Check
- Mon Mar 24 03:59:18 2025
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Fri Mar 21 13:46:26 2025
- Last Check
- Mon Mar 24 03:46:26 2025
- Next Check
- Mon Mar 24 03:56:25 2025
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
Server Shared Secret
- Output
- OK: Good shared secret over last day
- Last State Change
- Fri Mar 21 13:46:09 2025
- Last Check
- Mon Mar 24 03:46:07 2025
- Next Check
- Mon Mar 24 03:56:07 2025
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Fri Mar 21 14:04:11 2025
- Last Check
- Mon Mar 24 03:44:09 2025
- Next Check
- Mon Mar 24 03:54:09 2025
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Fri Mar 21 13:48:37 2025
- Last Check
- Mon Mar 24 03:46:35 2025
- Next Check
- Mon Mar 24 03:56:35 2025
Sites
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Mon Mar 24 03:37:51 2025
- Last Check
- Mon Mar 24 03:47:49 2025
- Next Check
- Mon Mar 24 03:57:49 2025
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code (Access-Reject) does not match expected (Access-Accept)
- Last State Change
- Fri Mar 21 13:48:10 2025
- Last Check
- Mon Mar 24 03:46:08 2025
- Next Check
- Mon Mar 24 03:56:08 2025
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code (Access-Reject) does not match expected (Access-Accept)
- Last State Change
- Fri Mar 21 13:47:00 2025
- Last Check
- Mon Mar 24 03:44:58 2025
- Next Check
- Mon Mar 24 03:54:58 2025
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
Called Station ID Check
- Output
- WARNING: 100% Lower case characters in MAC (last: 2025-03-23 22:36:21)
- Last State Change
- Fri Mar 21 13:47:08 2025
- Last Check
- Mon Mar 24 03:42:06 2025
- Next Check
- Mon Mar 24 03:57:03 2025
- Meaning:
- The Called-Station-ID contains the MAC address of the device the client connects to as well as, potentially, the SSID of the wireless network it connected to. The format of the MAC address is specified in RFC 3580 as 'XX-XX-XX-XX-XX-XX:SSID' with '-' being the only valid separator and all upper case. The SSID should be appended.
- Solution:
- Configure your wireless system to provide the CSI in the RFC3580 format.
Calling Station ID Check
- Output
- WARNING: 100% MAC format wrong, contains lower case (last: 2025-03-23 22:36:21)
- Last State Change
- Fri Mar 21 13:48:19 2025
- Last Check
- Mon Mar 24 03:43:18 2025
- Next Check
- Mon Mar 24 03:58:17 2025
- Meaning:
- Calling Station ID identifies the device making the connection and RFC 3580 states that the format should be XX-XX-XX-XX-XX-XX (i.e. '-' separated and upper case).
- Solution:
- Configure your wireless system to use upper case and '-' separated pairs.
Operator Check
- Output
- WARNING: 100% Missing Operator-Name (last: 2025-03-23 22:36:21)
- Last State Change
- Fri Mar 21 13:48:06 2025
- Last Check
- Mon Mar 24 03:43:05 2025
- Next Check
- Mon Mar 24 03:58:04 2025
- Meaning:
- Operator-Name is missing from RADIUS requests. Operator-Name identifies the site sending the requests and is used by home sites in audit trails and in cases of mis-use.
- Solution:
- Where possible (FreeRADIUS, radsecproxy, RADIATOR) Operator-Name should be configured to send the site identifier (in the format 1realm.name e.g. 1holby.nhs.uk).
Realm Syntax Check
- Output
- OK: 100.0% Good syntax (last: 2025-03-23 22:36:21)
- Last State Change
- Fri Mar 21 13:46:06 2025
- Last Check
- Mon Mar 24 03:46:05 2025
- Next Check
- Mon Mar 24 04:01:04 2025
VLAN Check
- Output
- CRITICAL: 100% Tunnel-Type attr present (last: 2025-03-23 22:36:21). 100% Tunnel-Medium-Type attr present (last: 2025-03-23 22:36:21). 100% Tunnel-Private-Group-ID (last: 2025-03-23 22:36:21)
- Last State Change
- Fri Mar 21 13:45:41 2025
- Last Check
- Mon Mar 24 03:40:38 2025
- Next Check
- Mon Mar 24 03:55:37 2025
- Meaning:
- Various attributes such as Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID being sent out in responses. The 'Tunnel' attributes are commonly used to instruct wireless controllers which VLAN to place a client in. Thus if these attributes aren't filtered out then one site might be sending these attributes to another site. At best users won't be connected, at worst they'll be placed on an inappropriate VLAN.
- Solution:
- Apply filters on the RADIUS servers to restrict the attributes to just the set as specified in the Tech Spec. Both outgoing AND incoming packets need the filters applied to them for everyone's protection