Problem:
Cluster join stuck at 'Retaining local node certificate'
Diagnostics:
While attempting to join ClearPass node to cluster, we see the below:
Setting up local machine as a subscriber to 10.17.x.x INFO - Local checks before adding subscriber passed INFO - 10.21.x.x: - Subscriber node added successfully for host=CPPMLAB INFO - Subscriber node entry added in publisher INFO - Backup databases for AppPlatform INFO - Backup databases for PolicyManager INFO - Backup databases for PolicyManager INFO - Stopping services INFO - Dropped existing databases for Policy Manager INFO - Create database and schema for Policy Manager INFO - Local database setup done for Policy Manager databases INFO - Subscriber password changed INFO - Syncing up initial data... INFO - Config database temporarily locked for updates INFO - 10.21.x.x: - Backup databases for AppPlatform INFO - 10.21.x.x: - Backup databases for PolicyManager INFO - Config database lock released INFO - Subscriber now replicating from publisher 10.21.x.x INFO - Retaining local node certificate WARNING - Restore local node config failed. Will retry... WARNING - Restore local node config failed. Will retry... WARNING - Restore local node config failed. Will retry...
Check for any WAN optimizers/firewall in network(between publisher and the node that is having issues which we are unable to join to cluster). Check for MTU packet size restrictions. The issue is because of MTU size restrictions.
Solution
Default MTU size in ClearPass is 1500 and can be checked by executing the command: show ip from appadmin console
Depending on the MTU size allowed in network, MTU size can be changed in ClearPass using the below command. For example if the allowed MTU size is 1400, then:
configure mtu <mgmt|data> <mtu-value>
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.