Security

This morning we upgraded two of our 5k clearpass boxes from 6.6.9 to 6.6.10.  When those boxes were rebooted, an error appeared in the event log: 'Failed to start cpass-domain-server_[institution name]'.  This was fixed by restarting the domain service.

 

Since the update, all AD auths using MSCHAPv2 on those boxes results in a timeout.  The error appears in the access tracker:

 

 

MSCHAP: AD status:{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired. (0xc00000b5) 
MSCHAP: Authentication failed
EAP-MSCHAPv2: User authentication failure

The logs show a similar error, with the addition of this:

 

 

ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

The server that remains on 6.6.9 is unaffected by this behaviour, and the 6.6.10 servers can handle non-MSCHAPv2 authentications fine.

 

 

The release notes for 6.6.10 show a few small changes in AD auth behaviour: release notes.  Could this explain the problem?

 

 

 

What was the previous version you were on ?


Sent from Mail for Windows 10

6.6.9

Always best to work with Aruba TAC for things like this.

Does anyone have a fix on for this? 
After rebooting my machines (6.6.9) both of them show the same behaviour.

Error messsage:

MSCHAP: AD status:{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired. (0xc00000b5)

Like Tim stated above I would work with TAC. There might be an underlying cause that we can’t troubleshoot here in the forum.

Thanks for your answer. I just opened a TAC case!

have you resolved.

This is an old thread. CPPM is currently on 6.8.x versions.6.6 is a very old version and if you are having issues with it then you need to call TAC.