Realm: clch.nhs.uk Full
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 3.82 ms
- Last State Change
- Thu Dec 12 11:35:45 2024
- Last Check
- Thu Dec 12 20:35:35 2024
- Next Check
- Thu Dec 12 20:45:35 2024
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Thu Dec 12 11:32:58 2024
- Last Check
- Thu Dec 12 20:42:57 2024
- Next Check
- Thu Dec 12 20:52:57 2024
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
Server Shared Secret
- Output
- UNKNOWN: No Data. No logs to check for last day
- Last State Change
- Thu Dec 12 11:34:30 2024
- Last Check
- Thu Dec 12 20:42:29 2024
- Next Check
- Thu Dec 12 20:52:29 2024
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Thu Dec 12 11:32:45 2024
- Last Check
- Thu Dec 12 20:42:43 2024
- Next Check
- Thu Dec 12 20:52:43 2024
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Thu Dec 12 11:35:27 2024
- Last Check
- Thu Dec 12 20:43:26 2024
- Next Check
- Thu Dec 12 20:53:26 2024
Sites
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/Sites/ riverside.nhs.uk
Misconfigured ORPS proxy
/
Misconfigured RRPS proxy
/
Misconfigured Site IdP
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:34:57 2024
- Last Check
- Thu Dec 12 20:42:56 2024
- Next Check
- Thu Dec 12 20:52:56 2024
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:35:28 2024
- Last Check
- Thu Dec 12 20:43:27 2024
- Next Check
- Thu Dec 12 20:53:27 2024
- Meaning:
- No response was sent to the authentication request. The impact of this can be quite serious. The NRPS will mark this server as down for five minutes when it doesn't receive a response within 30s. If this is an RRPS for a Federation then that could knock out the service for all encompassed sites. So it's important for all RRPS and ORPS to always respond to an auth request.
- Solution:
- Reponses must be sent to all EAP requests.
clch.nhs.uk/clch-nhs-uk-2/roaming0.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:32:11 2024
- Last Check
- Thu Dec 12 20:40:11 2024
- Next Check
- Thu Dec 12 20:50:10 2024
- Meaning:
- An authentication attempt was made using supplied credentials that should have been proxied to the appropriate site but there was no response. It's part of the Tech Spec that all proxied requests MUST receive a response. There are be serious consequences if sites silently drop authentication requests: RADIUS servers will mark servers down that fail to respond, ultimately disabling the entire site.
- Solution:
- Ensure that there is a working proxy path from your RRPS through to the appropriate site's IdP and that the IdP always responds to an authentication attempt.
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 3.78 ms
- Last State Change
- Thu Dec 12 11:34:14 2024
- Last Check
- Thu Dec 12 20:44:06 2024
- Next Check
- Thu Dec 12 20:54:05 2024
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Thu Dec 12 11:34:46 2024
- Last Check
- Thu Dec 12 20:44:45 2024
- Next Check
- Thu Dec 12 20:54:45 2024
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
Server Shared Secret
- Output
- UNKNOWN: No Data. No logs to check for last day
- Last State Change
- Thu Dec 12 11:35:24 2024
- Last Check
- Thu Dec 12 20:43:22 2024
- Next Check
- Thu Dec 12 20:53:22 2024
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Thu Dec 12 11:36:54 2024
- Last Check
- Thu Dec 12 20:36:53 2024
- Next Check
- Thu Dec 12 20:46:53 2024
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Thu Dec 12 11:35:44 2024
- Last Check
- Thu Dec 12 20:43:43 2024
- Next Check
- Thu Dec 12 20:53:43 2024
Sites
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:37:12 2024
- Last Check
- Thu Dec 12 20:45:10 2024
- Next Check
- Thu Dec 12 20:55:10 2024
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:36:03 2024
- Last Check
- Thu Dec 12 20:44:02 2024
- Next Check
- Thu Dec 12 20:54:02 2024
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-2/roaming1.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:36:54 2024
- Last Check
- Thu Dec 12 20:44:53 2024
- Next Check
- Thu Dec 12 20:54:53 2024
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 9.28 ms
- Last State Change
- Thu Dec 12 11:36:32 2024
- Last Check
- Thu Dec 12 20:36:22 2024
- Next Check
- Thu Dec 12 20:46:22 2024
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Thu Dec 12 11:37:48 2024
- Last Check
- Thu Dec 12 20:37:48 2024
- Next Check
- Thu Dec 12 20:47:46 2024
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
Server Shared Secret
- Output
- UNKNOWN: No Data. No logs to check for last day
- Last State Change
- Thu Dec 12 11:34:02 2024
- Last Check
- Thu Dec 12 20:42:00 2024
- Next Check
- Thu Dec 12 20:52:00 2024
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Thu Dec 12 11:34:01 2024
- Last Check
- Thu Dec 12 20:43:59 2024
- Next Check
- Thu Dec 12 20:53:59 2024
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Thu Dec 12 11:33:48 2024
- Last Check
- Thu Dec 12 20:41:46 2024
- Next Check
- Thu Dec 12 20:51:46 2024
Sites
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:33:08 2024
- Last Check
- Thu Dec 12 20:41:07 2024
- Next Check
- Thu Dec 12 20:51:06 2024
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:35:39 2024
- Last Check
- Thu Dec 12 20:43:38 2024
- Next Check
- Thu Dec 12 20:53:38 2024
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-2/roaming2.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:34:35 2024
- Last Check
- Thu Dec 12 20:42:33 2024
- Next Check
- Thu Dec 12 20:52:33 2024
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 10.07 ms
- Last State Change
- Thu Dec 12 11:38:03 2024
- Last Check
- Thu Dec 12 20:37:53 2024
- Next Check
- Thu Dec 12 20:47:53 2024
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Thu Dec 12 11:33:31 2024
- Last Check
- Thu Dec 12 20:43:28 2024
- Next Check
- Thu Dec 12 20:53:28 2024
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
Server Shared Secret
- Output
- UNKNOWN: No Data. No logs to check for last day
- Last State Change
- Thu Dec 12 11:37:11 2024
- Last Check
- Thu Dec 12 20:45:09 2024
- Next Check
- Thu Dec 12 20:55:09 2024
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Thu Dec 12 11:34:45 2024
- Last Check
- Thu Dec 12 20:44:44 2024
- Next Check
- Thu Dec 12 20:54:44 2024
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Thu Dec 12 11:36:28 2024
- Last Check
- Thu Dec 12 20:44:26 2024
- Next Check
- Thu Dec 12 20:54:26 2024
Sites
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:37:30 2024
- Last Check
- Thu Dec 12 20:45:28 2024
- Next Check
- Thu Dec 12 20:55:28 2024
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:37:18 2024
- Last Check
- Thu Dec 12 20:45:16 2024
- Next Check
- Thu Dec 12 20:55:16 2024
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-2/roaming3.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:36:18 2024
- Last Check
- Thu Dec 12 20:44:17 2024
- Next Check
- Thu Dec 12 20:54:17 2024
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 6.41 ms
- Last State Change
- Thu Dec 12 11:33:34 2024
- Last Check
- Thu Dec 12 20:43:23 2024
- Next Check
- Thu Dec 12 20:53:23 2024
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Thu Dec 12 11:36:10 2024
- Last Check
- Thu Dec 12 20:36:09 2024
- Next Check
- Thu Dec 12 20:46:09 2024
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
Server Shared Secret
- Output
- UNKNOWN: No Data. No logs to check for last day
- Last State Change
- Thu Dec 12 11:33:32 2024
- Last Check
- Thu Dec 12 20:41:30 2024
- Next Check
- Thu Dec 12 20:51:30 2024
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Thu Dec 12 11:35:51 2024
- Last Check
- Thu Dec 12 20:35:49 2024
- Next Check
- Thu Dec 12 20:45:49 2024
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Thu Dec 12 11:33:36 2024
- Last Check
- Thu Dec 12 20:41:35 2024
- Next Check
- Thu Dec 12 20:51:35 2024
Sites
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/Sites/ riverside.nhs.uk
Misconfigured ORPS proxy
/
Misconfigured RRPS proxy
/
Misconfigured Site IdP
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:33:59 2024
- Last Check
- Thu Dec 12 20:41:57 2024
- Next Check
- Thu Dec 12 20:51:57 2024
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:33:47 2024
- Last Check
- Thu Dec 12 20:41:45 2024
- Next Check
- Thu Dec 12 20:51:45 2024
- Meaning:
- No response was sent to the authentication request. The impact of this can be quite serious. The NRPS will mark this server as down for five minutes when it doesn't receive a response within 30s. If this is an RRPS for a Federation then that could knock out the service for all encompassed sites. So it's important for all RRPS and ORPS to always respond to an auth request.
- Solution:
- Reponses must be sent to all EAP requests.
clch.nhs.uk/clch-nhs-uk-3/roaming0.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- CRITICAL: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:34:20 2024
- Last Check
- Thu Dec 12 20:42:19 2024
- Next Check
- Thu Dec 12 20:52:19 2024
- Meaning:
- An authentication attempt was made using supplied credentials that should have been proxied to the appropriate site but there was no response. It's part of the Tech Spec that all proxied requests MUST receive a response. There are be serious consequences if sites silently drop authentication requests: RADIUS servers will mark servers down that fail to respond, ultimately disabling the entire site.
- Solution:
- Ensure that there is a working proxy path from your RRPS through to the appropriate site's IdP and that the IdP always responds to an authentication attempt.
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 6.63 ms
- Last State Change
- Thu Dec 12 11:36:59 2024
- Last Check
- Thu Dec 12 20:36:50 2024
- Next Check
- Thu Dec 12 20:46:49 2024
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Thu Dec 12 11:34:45 2024
- Last Check
- Thu Dec 12 20:44:44 2024
- Next Check
- Thu Dec 12 20:54:44 2024
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
Server Shared Secret
- Output
- UNKNOWN: No Data. No logs to check for last day
- Last State Change
- Thu Dec 12 11:37:11 2024
- Last Check
- Thu Dec 12 20:45:09 2024
- Next Check
- Thu Dec 12 20:55:09 2024
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Thu Dec 12 11:34:45 2024
- Last Check
- Thu Dec 12 20:44:44 2024
- Next Check
- Thu Dec 12 20:54:44 2024
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Thu Dec 12 11:35:43 2024
- Last Check
- Thu Dec 12 20:43:42 2024
- Next Check
- Thu Dec 12 20:53:42 2024
Sites
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:32:55 2024
- Last Check
- Thu Dec 12 20:40:54 2024
- Next Check
- Thu Dec 12 20:50:54 2024
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:35:50 2024
- Last Check
- Thu Dec 12 20:43:49 2024
- Next Check
- Thu Dec 12 20:53:49 2024
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-3/roaming1.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:36:11 2024
- Last Check
- Thu Dec 12 20:44:11 2024
- Next Check
- Thu Dec 12 20:54:10 2024
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 11.60 ms
- Last State Change
- Thu Dec 12 11:36:20 2024
- Last Check
- Thu Dec 12 20:36:10 2024
- Next Check
- Thu Dec 12 20:46:10 2024
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Thu Dec 12 11:34:07 2024
- Last Check
- Thu Dec 12 20:44:05 2024
- Next Check
- Thu Dec 12 20:54:05 2024
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
Server Shared Secret
- Output
- UNKNOWN: No Data. No logs to check for last day
- Last State Change
- Thu Dec 12 11:35:32 2024
- Last Check
- Thu Dec 12 20:43:30 2024
- Next Check
- Thu Dec 12 20:53:30 2024
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Thu Dec 12 11:35:43 2024
- Last Check
- Thu Dec 12 20:35:42 2024
- Next Check
- Thu Dec 12 20:45:42 2024
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Thu Dec 12 11:33:29 2024
- Last Check
- Thu Dec 12 20:41:27 2024
- Next Check
- Thu Dec 12 20:51:27 2024
Sites
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:36:48 2024
- Last Check
- Thu Dec 12 20:44:46 2024
- Next Check
- Thu Dec 12 20:54:46 2024
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:37:38 2024
- Last Check
- Thu Dec 12 20:35:36 2024
- Next Check
- Thu Dec 12 20:45:36 2024
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-3/roaming2.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:37:04 2024
- Last Check
- Thu Dec 12 20:45:03 2024
- Next Check
- Thu Dec 12 20:55:03 2024
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
Ping
- Output
- PING OK - Packet loss = 0%, RTA = 12.03 ms
- Last State Change
- Thu Dec 12 11:37:22 2024
- Last Check
- Thu Dec 12 20:37:11 2024
- Next Check
- Thu Dec 12 20:47:11 2024
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
RADIUS Port
- Output
- OK: Port 1812 is probably open, unless there's a DROP firewall
- Last State Change
- Thu Dec 12 11:37:51 2024
- Last Check
- Thu Dec 12 20:37:50 2024
- Next Check
- Thu Dec 12 20:47:49 2024
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
Server Shared Secret
- Output
- UNKNOWN: No Data. No logs to check for last day
- Last State Change
- Thu Dec 12 11:37:55 2024
- Last Check
- Thu Dec 12 20:35:53 2024
- Next Check
- Thu Dec 12 20:45:53 2024
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
Simple Authentication
- Output
- OK: Return code is as expected, Access-Reject
- Last State Change
- Thu Dec 12 11:36:14 2024
- Last Check
- Thu Dec 12 20:36:13 2024
- Next Check
- Thu Dec 12 20:46:13 2024
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/
Zombie
- Output
- UNKNOWN: No Data. No data but not marked as down within the last week
- Last State Change
- Thu Dec 12 11:37:57 2024
- Last Check
- Thu Dec 12 20:35:55 2024
- Next Check
- Thu Dec 12 20:45:55 2024
Sites
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/Sites/ riverside.nhs.uk
Missing Realm Account
/
Unfiltered Attributes
/
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/Sites/riverside.nhs.uk/
Certificate in Realm riverside.nhs.uk
- Output
- UNKNOWN: Timeout. No response from site.
- Last State Change
- Thu Dec 12 11:37:44 2024
- Last Check
- Thu Dec 12 20:35:42 2024
- Next Check
- Thu Dec 12 20:45:42 2024
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/Sites/riverside.nhs.uk/
Tunnel Type in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:37:10 2024
- Last Check
- Thu Dec 12 20:45:08 2024
- Next Check
- Thu Dec 12 20:55:08 2024
- Meaning:
-
There are a number of possible warnings:
- Actual return code does not match expected: The supplied credentials didn't authentication.
- Solution:
-
- Check that the supplied credentials are still valid.
clch.nhs.uk/clch-nhs-uk-3/roaming3.govroam.uk/Sites/riverside.nhs.uk/
User in Realm riverside.nhs.uk
- Output
- WARNING: Actual return code () does not match expected (Access-Accept)
- Last State Change
- Thu Dec 12 11:37:03 2024
- Last Check
- Thu Dec 12 20:45:01 2024
- Next Check
- Thu Dec 12 20:55:01 2024
- Meaning:
- An authentication attempt was made using supplied credentials and the wrong response was received (should be Access-Accept). The server is configured but, for some reason, the credentials aren't right.
- Solution:
- Check that the credentials supplied to Jisc are still there, not expired and ought to be working.
Called Station ID Check
- Output
- WARNING: 100% Lower case characters in MAC (last: 2024-12-12 20:15:37)
- Last State Change
- Thu Dec 12 12:02:07 2024
- Last Check
- Thu Dec 12 20:42:06 2024
- Next Check
- Thu Dec 12 20:57:04 2024
- Meaning:
- The Called-Station-ID contains the MAC address of the device the client connects to as well as, potentially, the SSID of the wireless network it connected to. The format of the MAC address is specified in RFC 3580 as 'XX-XX-XX-XX-XX-XX:SSID' with '-' being the only valid separator and all upper case. The SSID should be appended.
- Solution:
- Configure your wireless system to provide the CSI in the RFC3580 format.
Calling Station ID Check
- Output
- WARNING: 100% MAC format wrong, contains lower case (last: 2024-12-12 20:15:37)
- Last State Change
- Thu Dec 12 12:00:02 2024
- Last Check
- Thu Dec 12 20:39:59 2024
- Next Check
- Thu Dec 12 20:54:57 2024
- Meaning:
- Calling Station ID identifies the device making the connection and RFC 3580 states that the format should be XX-XX-XX-XX-XX-XX (i.e. '-' separated and upper case).
- Solution:
- Configure your wireless system to use upper case and '-' separated pairs.
Operator Check
- Output
- WARNING: 100% Missing Operator-Name (last: 2024-12-12 20:15:37)
- Last State Change
- Thu Dec 12 12:03:48 2024
- Last Check
- Thu Dec 12 20:43:47 2024
- Next Check
- Thu Dec 12 20:58:45 2024
- Meaning:
- Operator-Name is missing from RADIUS requests. Operator-Name identifies the site sending the requests and is used by home sites in audit trails and in cases of mis-use.
- Solution:
- Where possible (FreeRADIUS, radsecproxy, RADIATOR) Operator-Name should be configured to send the site identifier (in the format 1realm.name e.g. 1holby.nhs.uk).
Realm Syntax Check
- Output
- WARNING: 2% 3GPP realm (last: 2024-12-12 17:21:35)
- Last State Change
- Thu Dec 12 17:29:58 2024
- Last Check
- Thu Dec 12 20:44:55 2024
- Next Check
- Thu Dec 12 20:59:53 2024
- Meaning:
- Users and devices often put in their email addresses or preconfigured setting such as '@gmail.com' or '3gppnetwork.org' which are never going to be Govroam realms.
- Solution:
- Filter out the common realms which are never going to be Govroam sites.
VLAN Check
- Output
- CRITICAL: 100% Tunnel-Type attr present (last: 2024-12-12 20:15:37). 100% Tunnel-Medium-Type attr present (last: 2024-12-12 20:15:37). 100% Tunnel-Private-Group-ID (last: 2024-12-12 20:15:37)
- Last State Change
- Thu Dec 12 12:03:15 2024
- Last Check
- Thu Dec 12 20:43:13 2024
- Next Check
- Thu Dec 12 20:58:11 2024
- Meaning:
- Various attributes such as Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID being sent out in responses. The 'Tunnel' attributes are commonly used to instruct wireless controllers which VLAN to place a client in. Thus if these attributes aren't filtered out then one site might be sending these attributes to another site. At best users won't be connected, at worst they'll be placed on an inappropriate VLAN.
- Solution:
- Apply filters on the RADIUS servers to restrict the attributes to just the set as specified in the Tech Spec. Both outgoing AND incoming packets need the filters applied to them for everyone's protection