12-21-2016 11:12 AM
my problem is smtp auth. failure in guest service.
under the "ClearPass Guest>Configuration>Receipts>Email receipt>Test Mail Settings"
generates the above SMTP:STARTTLS Fail code
(authentication failure [SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS)] error message.)
ClearPass Policy Manager>Administration>External Servers>Messaging Setup>Send Test Email
successfully sends a message
running cppm version is 6.6.0.
do you have experience with the subject?
Solved! Go to Solution.
12-21-2016 08:26 PM
It is expected beahvior with 6.6.X versions if you have username and password fields mentioned in messaging setup in policy manager.
When SMTP server supports TLS and when we have username and password fields mentioned in messaging setup, guest module will always initiate the TLS connection.
In order to complete this TLS transaction wither you could import the SSL certificate of SMTP server in trust list or you could disable TLS support on SMTP server.
12-22-2016 01:36 AM
thanks for reply pranav,
Our customers have upgraded themselves to 6.6 directly from cppm version 6.3. And it has begun to come out of possible errors from this process.
.They get an error during .1x authentication. The cppm access tracker also has AD pipe broken errors.
At the same time, policy manager smtp settings are correct and test mail is being sent even though the , do not send a mail to the guest service the . "smtp auth. Failed starttls " errors exist in Guest application logs
So I want to rebuild it.
My question is actually to use the factory default with the "cluster reset-database" command over cli because They use the hardware appliance then Config. and database will remove and will open the 6.6 version again. or Does it fall in the old default version?
or; Again on the cli I see the 6.5 version of the system boot-image list command. What gives me to use this command.?
04-28-2017 01:11 PM
We also encountered this issue. We searched the ClearPass Guest User Guide and found no mention of this "expected behavior". Found it extremely frustrating that doing a test under ClearPass Policy Manager -> Messaging Setup worked, security set to None but username/password filled in, while testing under ClearPass Guest - SMTP Services failed because of "STARTTLS failed" even though CPPM messaging securty was set to none.
Please make both Policy Manager and Guest work the same, and optional include this expected behavior in your guide.