Security

Reply
Occasional Contributor II
Posts: 29
Registered: ‎08-01-2013

Devices automatically revert back to Unknown in the ClearPass endpoint database

Hello,

 

One of my customers is experiencing an odd issue whereby some Known clients are changed back to Unknown within seconds in the Endpoint Database.

This is not directly related to a client's access request and will happen at any time, alhought it does not affect all clients.

An Aruba Support case has been created for this, but I thought about asking here in cae anybody else has seen this before.

 

Regards,

 

Giuseppe Damiano/

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: Devices automatically revert back to Unknown in the ClearPass endpoint database

Giuseppe Damiano,

 

That should not happen so quickly, unless you have a rule that changes the known/unknown status of those devices.  The value should stay put, at least for 24 hours with no issue....

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 748
Registered: ‎03-25-2009

Re: Devices automatically revert back to Unknown in the ClearPass endpoint database

"The value should stay put, at least for 24 hours with no issue...."..

euhm.. I'll put this to weird phrasing but.. the only reason why an endpoint would change known to unknown is if the endpoint was removed (cleanup) and rediscovered or changed by an enforcement policy right?

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor II
Posts: 29
Registered: ‎08-01-2013

Re: Devices automatically revert back to Unknown in the ClearPass endpoint database

Annoyingly enough, the issue has now stopped manifesting itself (right after I had escalated the case to Aruba TAC).

 

In terms of enforcement, the policy used was the Sample Allow All, but what's more important is that the reverting back to unknown did not jut happen upon connection to a wireless network. It happen as soon as the endpoint was manually marked a known by the administrator.

 

One clue that is missing from the description is that ClearPass was synchronising with Airwatch to import known endpoints. However, when the issue begun, we deleted Airwatch altogether from the list of Context servers and the issue carried on happening even when manually deleting, recreating the endpoint.

 

All the Database cleanup times were and still are set to default.

 

I've sent the logs to support in the hope the captured some relevant information, but I am now waiting for the issue to appear again.

 

Cheers,

 

Giuseppe/

Search Airheads
Showing results for 
Search instead for 
Did you mean: