Security

Reply
Occasional Contributor II
Posts: 29
Registered: ‎08-06-2013

Issue with hidden SSID with CPPM and Airwatch

Hi Community,

 

We have tried to integrate airwatch to our network and we find it strange that when we hide the ssid, clearpass cannot check if the client (iphone) is managed by airwatch.

 

If the ssid is not hidden, it works just fine. We can  see under the endpoints that the client is managed on airwatch. When we tried to hide the ssid (delete the client entry from endpointsand from the iphone, we delete the profile that was pushed to the client from airwatch) then pushed the config from airwatch to the iphone(we have to tick the hidden ssid as well on airwatch), the client can see the ssid but for some reason we cannot find the attribute that the client is managed by airwatch. And to add to it, once we turn off the wifi of the client and turn it back on, it cannot find the ssid.

 

I was hoping if anyone was able to encounter similar issue and can help.

 

 

Thanks

 

Oliver

Guru Elite
Posts: 20,424
Registered: ‎03-29-2007

Re: Issue with hidden SSID with CPPM and Airwatch

[ Edited ]

Oliverm

 

The client sync/create its the entry in the endpoints database when it synchs with Airwatch.  If you delete the Endpoint entry, it should only put it back into the Endpoints database if you (1) create it manually (2) wait an hour for the endpoints database to synch with Airwatch (3) or Click on Update from the Airwatch definition in ClearPass.  If you do nothing, the client will not be in the endpoints database and we cannot enforce policy on that client, and it will seem foreign.  This could match your situation or other things could be going on...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 29
Registered: ‎08-06-2013

Re: Issue with hidden SSID with CPPM and Airwatch

[ Edited ]

Hi Cjoseph,

 

Is there a way for us to check from cppm if there is a communication with airwatch? We waited more than an hour if it does sync and we also tried to Update from airwatch definition. I was wondering if it is the username/password or API that may have caused it.

 

I'll try again and see how it goes.

 

Thanks 

 

Oliver Mina

Guru Elite
Posts: 20,424
Registered: ‎03-29-2007

Re: Issue with hidden SSID with CPPM and Airwatch

You can look in the Event Viewer:  If an Endpoint was modified by Apiadmin, that is a change probably by Airwatch:

 

apiadmin.png

 

Did you already see the ClearPass MDM Integration technote here? It has other ways you can detech that changes were made by Airwatch http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=7961



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Issue with hidden SSID with CPPM and Airwatch

You can also see Airwatch sync events in Event Viewer, which is in the same area as Audit Viewer (see Colin's pic).  Filter by "endpoint" and you should see the sync events.

 

FYI, there is a known bug with MDM synchronization stopping in CPPM, which I've experienced myself.  If you don't see synchronization occuring, double-check your Endpoint Context Server configuration (URL, API username/password).  Modifying these settings forces synchronization with Airwatch.  If still not synchronization occurs, the restart the Async network service.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Search Airheads
Showing results for 
Search instead for 
Did you mean: