Security

Reply
Contributor I

6.6.10 upgrade seems to have caused timeouts for MSCHAPv2

This morning we upgraded two of our 5k clearpass boxes from 6.6.9 to 6.6.10.  When those boxes were rebooted, an error appeared in the event log: 'Failed to start cpass-domain-server_[institution name]'.  This was fixed by restarting the domain service.

 

Since the update, all AD auths using MSCHAPv2 on those boxes results in a timeout.  The error appears in the access tracker:

 

 

MSCHAP: AD status:{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired. (0xc00000b5) 
MSCHAP: Authentication failed
EAP-MSCHAPv2: User authentication failure

The logs show a similar error, with the addition of this:

 

 

ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

The server that remains on 6.6.9 is unaffected by this behaviour, and the 6.6.10 servers can handle non-MSCHAPv2 authentications fine.

 

 

The release notes for 6.6.10 show a few small changes in AD auth behaviour: release notes.  Could this explain the problem?

 

 

 

Re: 6.6.10 upgrade seems to have caused timeouts for MSCHAPv2

What was the previous version you were on ?


Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: 6.6.10 upgrade seems to have caused timeouts for MSCHAPv2

6.6.9

Guru Elite

Re: 6.6.10 upgrade seems to have caused timeouts for MSCHAPv2

Always best to work with Aruba TAC for things like this.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: