Home > Community > Technology > Security > CPPM Endpoint profiled then not profiled

Security

Reply
Topic Options
Super Contributor II
bourne
Posts: 387
Registered: ‎09-05-2012

CPPM Endpoint profiled then not profiled

Options

‎11-09-2015 07:28 PM

Hi,

 

We brought a new CPPM server online in one of our remote offices and joined it to the existing cluster.

 

Since then I have been having some strange issues with the Endpoints DB.

I have one endpoint in particular that keeps switching between being profiled and not profiled.

 

It seems that after a successful machine authentication, it is profiled, the next time it performs machine authentication, it then becomes not profiled. I am not doing anything that would change this status in the enforcement profiles.

 

Has anyone seen this behavior before?

 

On a side note, for the IP helper addresses that we configure to help with DHCP finger printing, should we be targetting the publisher? Or the subscriber in each remote location?

 

Thank you,

 

Cheers

 

Alert a Moderator
Message 1 of 9 (1,138 Views)
Reply
0 Kudos
MVP MVP
MVP
Victor Fabian
Posts: 4,269
Registered: ‎07-20-2011

Re: CPPM Endpoint profiled then not profiled

Options

‎11-09-2015 07:46 PM

What version are you running ?

You should have all the CPPMs IP address as DHCP relays
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Alert a Moderator
Message 2 of 9 (1,129 Views)
Reply
0 Kudos
Super Contributor II
bourne
Posts: 387
Registered: ‎09-05-2012

Re: CPPM Endpoint profiled then not profiled

Options

‎11-09-2015 07:55 PM

So for each subnet we should configure each CPPM as a dhcp relay in every location? I didn't know that!

Thank you. I will configure that in the morning.

 

As for the verison. We are running 6.5.4.76733 across all 3 CPPM servers.

Alert a Moderator
Message 3 of 9 (1,124 Views)
Reply
0 Kudos
miker
Contributor I
miker
Posts: 23
Registered: ‎09-17-2012

Re: CPPM Endpoint profiled then not profiled

Options

‎11-10-2015 05:50 AM

What is the reason for listing all servers as helpers? Redundancy or some other advantage in doing it?

Alert a Moderator
Message 4 of 9 (1,080 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph
Posts: 21,007
Registered: ‎03-29-2007

Re: CPPM Endpoint profiled then not profiled

Options

‎11-10-2015 05:53 AM

Honestly, you should only need to point to a single CPPM instance with profiler running.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 5 of 9 (1,077 Views)
Reply
0 Kudos
Super Contributor II
bourne
Posts: 387
Registered: ‎09-05-2012

Re: CPPM Endpoint profiled then not profiled

Options

‎11-10-2015 06:15 AM

What would be the best CPPM to point the IP helper address to?

 

I was thinking that the issue with endpoint becoming unprofiled was because the Subscriber was learning the finger print and profiling the device and when the publisher did the sync it was overwriting it. But perhaps that is not the case.

Alert a Moderator
Message 6 of 9 (1,062 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph
Posts: 21,007
Registered: ‎03-29-2007

Re: CPPM Endpoint profiled then not profiled

Options

‎11-10-2015 06:19 AM

The server that has the following enabled:

profiler.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 7 of 9 (1,060 Views)
Reply
0 Kudos
Super Contributor II
bourne
Posts: 387
Registered: ‎09-05-2012

Re: CPPM Endpoint profiled then not profiled

Options

‎11-10-2015 07:52 AM

I have confirmed that all three of the CPPM servers in the cluster have this feature enabled.

 

Is there anything else that could cause this behavior?

 

Is the process of profiling logged by the CPPM somewhere that I could maybe look at?

Alert a Moderator
Message 8 of 9 (1,046 Views)
Reply
0 Kudos
MVP MVP
MVP
boneyard
Posts: 1,413
Registered: ‎11-30-2011

Re: CPPM Endpoint profiled then not profiled

Options

‎12-26-2015 02:27 AM

no direct experience with this issue, but if you don't want to involve TAC (which could also be route of course) then you could try turning it off on two of them do determine if that perhaps helps.

Alert a Moderator
Message 9 of 9 (901 Views)
Reply
0 Kudos
Search Airheads
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Copyright © 2016 Aruba, a Hewlett Packard Enterprise company.
All Rights Reserved.
Powered by Lithium