Security

Reply

ClearPass subscriber out of sync

I had a subscriber offline for a day, which was long enough to cause issues with the cluster syncing.  Besides dropping the subscriber from the cluster, is there any other way of resolving an out of sync issue?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite

Re: ClearPass subscriber out of sync

I’ve never found a better way. Dropping is the safest/cleanest. I usually stop TACACS and RADIUS services on the subscriber before I drop it so the NADs put the server out of service.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba

Re: ClearPass subscriber out of sync

As of today that is your only option.

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.

Re: ClearPass subscriber out of sync

Thanks for confirming.
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Frequent Contributor I

Re: ClearPass subscriber out of sync

Worked great for me. One of my nodes was out-of-syn because of asymetric routing. We also use wan acceleration so in order to prevent any problem I've added rules on these devices to bypass traffic among all cluster nodes

 

Super Contributor II

Re: ClearPass subscriber out of sync

Looks like I have a similar problem.

Our Subscriber today is reporting that it is out of sync.

I believe it is due to an extended downtime of the Subscriber server.

 

I didn't form the initial cluster so I am a little shaky on the steps.

 

Would I take the following steps?

 

  1. Log into the Subscriber and stop TACACS and RADIUS services (as suggested by @cappalli)
  2. Log into the Publisher and go to Administrator > Server Manager > Server Configuration
  3. Select the Subscriber and select 'Drop Subscriber'
  4. From the Subscriber select the option 'Make Subscriber' - Select the option 'Do not backup the existing databases...'
  5. From the Subscriber start the TACACS and RADIUS services

Thank you,

 

Cheers

Re: ClearPass subscriber out of sync

Yep, that's right. I've never stopped the TACACS service when removing or
joining a subscriber and haven't run into problems. It certainly wouldn't
hurt though.
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Super Contributor II

Re: ClearPass subscriber out of sync

Thank you very much for confirming the steps!

 

Good to know about the services. I will keep that in mind when I am ready to repair the cluster.

 

Cheers

Guru Elite

Re: ClearPass subscriber out of sync

The only reason I recommend manually stopping the TACACS and RADIUS services is that it gives the controllers/switches more time to age out the auth server.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: ClearPass subscriber out of sync

Those are the steps I've always followed.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: