Hi
I was on IRC earlier about this problem: my new ZyXel router (and aruba access point) does not connect:

iwctl station wlan0 connect NetScanner
Operation failed

In dmesg:
[43884.555390] wlan0: authenticate with b8:d5:26:23:09:56
[43884.621472] wlan0: send auth to b8:d5:26:23:09:56 (try 1/3)
[43884.623257] wlan0: authenticated
[43884.626163] wlan0: associate with b8:d5:26:23:09:56 (try 1/3)
[43884.630009] wlan0: RX AssocResp from b8:d5:26:23:09:56 (capab=0x411 status=0 aid=1)
[43884.632790] wlan0: associated
[43884.656703] wlan0: deauthenticating from b8:d5:26:23:09:56 by local choice (Reason: 1=UNSPECIFIED)

The iwd debug logging up to failuret:
src/network.c:network_connect()
src/network.c:network_connect_psk() ask_passphrase: false
src/station.c:station_enter_state() Old State: disconnected, new state: connecting
src/scan.c:scan_notify() Scan notification Trigger Scan(33)
src/station.c:station_netdev_event() Associating
src/scan.c:scan_notify() Scan notification New Scan Results(34)
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/netdev.c:netdev_mlme_notify() MLME notification New Station(19)
src/netdev.c:netdev_mlme_notify() MLME notification Authenticate(37)
src/netdev.c:netdev_authenticate_event()
src/netdev.c:netdev_mlme_notify() MLME notification Associate(38)
src/netdev.c:netdev_associate_event()
src/netdev.c:netdev_mlme_notify() MLME notification Connect(46)
src/netdev.c:netdev_connect_event()
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/netdev.c:netdev_unicast_notify() Unicast notification 129
src/netdev.c:netdev_control_port_frame_event()
src/eapol.c:eapol_handle_ptk_1_of_4() ifindex=4
src/netdev.c:netdev_control_port_frame_cb() 0
src/netdev.c:netdev_unicast_notify() Unicast notification 129
src/netdev.c:netdev_control_port_frame_event()
src/eapol.c:eapol_handle_ptk_3_of_4() ifindex=4
src/netdev.c:netdev_set_gtk() 4
src/netdev.c:netdev_set_igtk() 4
src/station.c:station_handshake_event() Setting keys
src/netdev.c:netdev_set_tk() 4
src/netdev.c:netdev_control_port_frame_cb() 0
New Key for Group Mgmt failed for ifindex: 4

I noticed in debug log that the first difference between this new router and tethered mobile phone is this:
src/netdev.c:netdev_set_igtk() 4

So being misguided and industrious I commented out the callback setting for IGTK at:
https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/src/handshake.c#n72

which works around the problem for me.
I reverted that patch and created /etc/iwd/main.conf with:
[General]
ManagementFrameProtection=0

which works but with the caveat that I now have to manually do iwctl connect and type the password in.

I attached the pcap and screen capture at the time of the failed connection attempt (unfortunately the pcap seems to be missing events that are on screen which is why I include both).

Please let me know if any more information is needed. Any help greatly appreciated.

many thanks
cheers
albert

ps. fwiw wpa_supplicant works fine, but I am not keen to use it.