Security

Reply
Contributor I

clear pass error code 102 - internal error

Testing clearpass guest on a pair of CP-VA-5K running version 6.4.4.70162.  Noticed that some operators are having trouble login into the guest manager application. They complain that they noticed the browser hangs after they submitted their AD credentials...  They restart their browser or try a different browser and they issue persists for a few seconds.  Then it just starts to work.   

 

This is the common error in access tracker for all of these users: 

 

Error Code: 102
Error Category:
Internal error
Error Message:
Failed to perform policy evaluation
Alerts for this Request
WebAuthService Failed to contact policy server for access policy evaluation

 

Has anyone else seen this issue before?  Is there a fix? Or is this a bug or maybe a bad LDAP configuration? 

 

 

Guru Elite

Re: clear pass error code 102 - internal error

If you haven't please open a TAC case.  It could be any combination of issues.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: clear pass error code 102 - internal error

I actually opened a TAC case before posting it here.  I wanted to see if anyone else had run into this specifc error.  If so, I would be interested to know what was the issue/resolution in their case?  I understand this could be caused by any sort of issues. I am just trying to understand if this is due to a common misconfiguraiton or if we are running into some sort of bug.

 

Likewise if I can find a resolution working with TAC I'll post it here. 

Contributor I

Re: clear pass error code 102 - internal error

Update - issue is still happening at random times.  Working with TAC....

 

But in the mean time I have managed to narrow the issue down by looking at debug logs from CPPM, logs form LDAP, and packet capture from CPPM server.  There are a couple of things that stand out but I am not too familiar with all of the concepts... Just throwing it out here to see if this rings any bells for anyone.

 

1- First of all, my LDAP engineer confirmed that he is getting the LDAP query from clear pass for the failed request.  He also sees the LDAP server respond with the query results immediately and with out errors. But clear pass still failed after a 10 minute delay.

 

2- Secondly, at the exact same time of that clear pass sends the failed request message to access tracker... The packet capture also shows a TCP reset initiated by clear pass at the same time that the LDAP query is sent out by CPPM. 

 

My LDAP engineer mentioned that in the past he has seen a similar issue with servers that use "Java based pools".  Does this ring a bell to anyone?  I don't remember reading about this in the CPPM user guides but that sounds like an internal thing.

Re: clear pass error code 102 - internal error

hey raff, just wondering, ever found a solution for this?

Contributor I

Re: clear pass error code 102 - internal error

hey boneyard - almost there ;)  The issue appears to be related to a tcp session timeout some where along the path between cppm and ldap. Working with Aruba support staff (SE, TAC, etc) and our F5 guys we have isolated the issue to a possible configuration issue on the load balancer. But we are still testing some things to rule out some assumptions. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: