🧾 Description
This article explains a known issue affecting Skorpio X5 (SX5) devices running Android 11 when attempting to connect to enterprise Wi-Fi networks using PEAP authentication without specifying a domain. The issue is caused by stricter security requirements introduced in Android 11.
Environment
Device: Datalogic Skorpio X5
Operating System: Android 11
Network: Enterprise Wi-Fi using PEAP (Protected EAP)
Tools: Scan2Deploy (S2D), RADIUS server
Issue
Starting with Android 11, devices require a domain name to validate the server certificate during PEAP authentication. If the domain is unknown or not configured, the device will fail to connect to the Wi-Fi network.
🛠️ Resolution Steps
Scan2Deploy does not allow domain specification for PEAP, resulting in a staging error.
The RADIUS server certificate may also be rejected if it lacks proper domain information or if the domain is not trusted.
Root Cause
Android 11 enforces server certificate validation for enterprise Wi-Fi connections. Without a domain specified:
The device cannot validate the certificate chain.
The connection is blocked for security reasons.
This behavior is documented in:
SecureW2: Android 11 Server Certificate Validation Error and Solution
XDA Developers: Android 11 will no longer let you connect to some enterprise WiFi networks
Workaround
Since the customer does not know the domain and cannot bypass the certificate validation:
Downgrade to Android 10:
Flash the device with Android 10 firmware (v2.13.003).
This version does not require domain specification for PEAP.
Wi-Fi connection works as expected without staging errors.
⚠️ Note: Downgrading may go against release note recommendations. Proceed with caution and ensure backups are taken.
Plan for Infrastructure Update:
Long-term solution requires:
Updating the RADIUS server to include a valid certificate with domain.
Ensuring the domain is known and trusted.
Using Android 11+ compatible staging tools or methods.
Additional Notes
This issue is not specific to Datalogic devices but affects all Android 11+ devices using PEAP without domain validation.