Security

last person joined: 10 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

clear pass error code 102 - internal error

This thread has been viewed 3 times

  • 1.  clear pass error code 102 - internal error

    Posted Jul 22, 2015 11:52 AM

    Testing clearpass guest on a pair of CP-VA-5K running version 6.4.4.70162.  Noticed that some operators are having trouble login into the guest manager application. They complain that they noticed the browser hangs after they submitted their AD credentials...  They restart their browser or try a different browser and they issue persists for a few seconds.  Then it just starts to work.   

     

    This is the common error in access tracker for all of these users: 

     

    Error Code: 102
    Error Category:
    Internal error
    Error Message:
    Failed to perform policy evaluation
    Alerts for this Request
    WebAuthService Failed to contact policy server for access policy evaluation

     

    Has anyone else seen this issue before?  Is there a fix? Or is this a bug or maybe a bad LDAP configuration? 

     

     



  • 2.  RE: clear pass error code 102 - internal error

    EMPLOYEE
    Posted Jul 22, 2015 07:42 PM

    If you haven't please open a TAC case.  It could be any combination of issues.

     



  • 3.  RE: clear pass error code 102 - internal error

    Posted Jul 22, 2015 10:01 PM

    I actually opened a TAC case before posting it here.  I wanted to see if anyone else had run into this specifc error.  If so, I would be interested to know what was the issue/resolution in their case?  I understand this could be caused by any sort of issues. I am just trying to understand if this is due to a common misconfiguraiton or if we are running into some sort of bug.

     

    Likewise if I can find a resolution working with TAC I'll post it here. 



  • 4.  RE: clear pass error code 102 - internal error

    Posted Aug 07, 2015 02:56 PM

    Update - issue is still happening at random times.  Working with TAC....

     

    But in the mean time I have managed to narrow the issue down by looking at debug logs from CPPM, logs form LDAP, and packet capture from CPPM server.  There are a couple of things that stand out but I am not too familiar with all of the concepts... Just throwing it out here to see if this rings any bells for anyone.

     

    1- First of all, my LDAP engineer confirmed that he is getting the LDAP query from clear pass for the failed request.  He also sees the LDAP server respond with the query results immediately and with out errors. But clear pass still failed after a 10 minute delay.

     

    2- Secondly, at the exact same time of that clear pass sends the failed request message to access tracker... The packet capture also shows a TCP reset initiated by clear pass at the same time that the LDAP query is sent out by CPPM. 

     

    My LDAP engineer mentioned that in the past he has seen a similar issue with servers that use "Java based pools".  Does this ring a bell to anyone?  I don't remember reading about this in the CPPM user guides but that sounds like an internal thing.



  • 5.  RE: clear pass error code 102 - internal error

    Posted Sep 13, 2015 06:27 AM

    hey raff, just wondering, ever found a solution for this?



  • 6.  RE: clear pass error code 102 - internal error

    Posted Sep 14, 2015 03:39 PM

    hey boneyard - almost there ;)  The issue appears to be related to a tcp session timeout some where along the path between cppm and ldap. Working with Aruba support staff (SE, TAC, etc) and our F5 guys we have isolated the issue to a possible configuration issue on the load balancer. But we are still testing some things to rule out some assumptions.