Home > Community > Discuss > Technology > Security > CPPM Endpoint profiled then not profiled

Security

Reply
Topic Options
Super Contributor II
th_son

CPPM Endpoint profiled then not profiled

‎11-09-2015 07:28 PM

Hi,

 

We brought a new CPPM server online in one of our remote offices and joined it to the existing cluster.

 

Since then I have been having some strange issues with the Endpoints DB.

I have one endpoint in particular that keeps switching between being profiled and not profiled.

 

It seems that after a successful machine authentication, it is profiled, the next time it performs machine authentication, it then becomes not profiled. I am not doing anything that would change this status in the enforcement profiles.

 

Has anyone seen this behavior before?

 

On a side note, for the IP helper addresses that we configure to help with DHCP finger printing, should we be targetting the publisher? Or the subscriber in each remote location?

 

Thank you,

 

Cheers

 

Alert a Moderator
Message 1 of 9
1,453 Views
Tags (1)
Reply
0 Kudos
MVP MVP
MVP
Victor Fabian

Re: CPPM Endpoint profiled then not profiled

‎11-09-2015 07:46 PM

What version are you running ?

You should have all the CPPMs IP address as DHCP relays
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Alert a Moderator
Message 2 of 9
1,444 Views
Tags (1)
Reply
0 Kudos
Super Contributor II
th_son

Re: CPPM Endpoint profiled then not profiled

‎11-09-2015 07:55 PM

So for each subnet we should configure each CPPM as a dhcp relay in every location? I didn't know that!

Thank you. I will configure that in the morning.

 

As for the verison. We are running 6.5.4.76733 across all 3 CPPM servers.

Alert a Moderator
Message 3 of 9
1,439 Views
Tags (1)
Reply
0 Kudos
miker
Contributor I
miker

Re: CPPM Endpoint profiled then not profiled

‎11-10-2015 05:50 AM

What is the reason for listing all servers as helpers? Redundancy or some other advantage in doing it?

Alert a Moderator
Message 4 of 9
1,395 Views
Tags (1)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: CPPM Endpoint profiled then not profiled

‎11-10-2015 05:53 AM

Honestly, you should only need to point to a single CPPM instance with profiler running.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 5 of 9
1,392 Views
Tags (1)
Reply
0 Kudos
Super Contributor II
th_son

Re: CPPM Endpoint profiled then not profiled

‎11-10-2015 06:15 AM

What would be the best CPPM to point the IP helper address to?

 

I was thinking that the issue with endpoint becoming unprofiled was because the Subscriber was learning the finger print and profiling the device and when the publisher did the sync it was overwriting it. But perhaps that is not the case.

Alert a Moderator
Message 6 of 9
1,377 Views
Tags (1)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: CPPM Endpoint profiled then not profiled

‎11-10-2015 06:19 AM

The server that has the following enabled:

profiler.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 7 of 9
1,375 Views
Tags (1)
Reply
0 Kudos
Super Contributor II
th_son

Re: CPPM Endpoint profiled then not profiled

‎11-10-2015 07:52 AM

I have confirmed that all three of the CPPM servers in the cluster have this feature enabled.

 

Is there anything else that could cause this behavior?

 

Is the process of profiling logged by the CPPM somewhere that I could maybe look at?

Alert a Moderator
Message 8 of 9
1,361 Views
Tags (1)
Reply
0 Kudos
MVP MVP
MVP
boneyard

Re: CPPM Endpoint profiled then not profiled

‎12-26-2015 02:27 AM

no direct experience with this issue, but if you don't want to involve TAC (which could also be route of course) then you could try turning it off on two of them do determine if that perhaps helps.

Alert a Moderator
Message 9 of 9
1,216 Views
Reply
0 Kudos
Search Airheads
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Copyright © 2016 Aruba, a Hewlett Packard Enterprise company.
All Rights Reserved.
Powered by Lithium