Security

Reply
MVP
Posts: 1,392
Registered: ‎11-30-2011

clearpass cluster status Node Disabled, how to recover?

doing some testing with clearpass cluster (version 6.3) and had a subscriber down for over 1 day. in the logging i noticed it went to status disabled after some time. now i started the subscriber again and was wondering if i can get it in the cluster without a drop / rejoin. checked the GUI, CLI and manual but can't find a hint.

 

the whole idea of node disabled status makes me believe i can enable it somehow, is that true or is drop and rejoin the only thing to do?

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: clearpass cluster status Node Disabled, how to recover?

When subscriber (configured as Designated Standby) went out of sync, you may have noticed that Publisher marks the node as disabled / cluster sync status is disabled.

 

In such a situation, please use the below steps:

1.     On a subscriber node (configured as Designated Standby), if needed take a logdb backup.

2.     Perform a "cluster reset-database" (easily done in CLI)

3.     Perform “Make-Subscriber” operation to join back into cluster (using either UI / CLI).

4.     After the node is joined as subscriber, check if VIP Service is running on the new subscriber. If stopped, please start the same.

5.     This will succeed and High Availability features like VIP and Publisher Standby configurations are restored on this Subscriber node.

 

Note: In the above steps, you need not drop any of the high availability features before joining the out of sync/disabled Designated standby into cluster. This way, time spent in getting back the out of sync subscriber node (or designated standby) back in action, is much lesser.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: clearpass cluster status Node Disabled, how to recover?

thanks Seth, if that the way it is, i will go that route.

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: clearpass cluster status Node Disabled, how to recover?

hey Seth i tried your stept but it seems to fail, the old subscriber is reset and rejoins but the then it remains out of sync and this increases with every attempt. should it have worked in 6.3?

Aruba
Posts: 1,520
Registered: ‎06-12-2012

Re: clearpass cluster status Node Disabled, how to recover?

Depending on resources it may take a while for it to come up active.

Make sure you

1. remove the VIP
2. do force drop on the publisher to make sure it is no longer showing on the dash board.
3. Do a db reset on the sub
4. I usually do a reboot on the sub after
5. In the cli do a sub join.

I've done quite a few tests and at a few sites it took awhile with a large database and or a Eval VM that is running on a min resources.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Super Contributor I
Posts: 289
Registered: ‎02-07-2013

Re: clearpass cluster status Node Disabled, how to recover?

And this was a lifesaver. As a result of this I managed to rebuild my CPPM cluster after a disastrous atempt at using theweb based upgrade utility

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: