Scenario:
Primary clearpass server at HQ. Just built a subscriber node at a different office with the plan to join it (different subnet).
I have upgraded both servers to 6.9.7. Created certs for the new server (local for database). When I try to make it a subscriber it immediately says wrong IP/password.
When I do it from command line I get the "echo GET failed, will retry..." error.
I've cracked open the logs and see the following.
HTTPError: HTTP Error 401: basic auth failed
2021-09-28 08:15:00,021 WARNING OUT ClusterControlAPI 10.211.8.20: echo GET failed. Will retry...
2021-09-28 08:15:02,628 DEBUG Tips.Db pgq_monitoring Num subscribers 0
2021-09-28 08:15:02,628 DEBUG Tips.Db pgq_monitoring Pgq checks not applicable on stand alone publisher
2021-09-28 08:15:02,658 INFO Tips.Db DbSubscriberStatusCheck Skip checks since this node is the publisher
2021-09-28 08:15:02,740 DEBUG Tips.Db DbClusterDiagnostics Skip node=NodeId=1 ServerIp=None ServerIpv6= ManagementIp=10.220.0.22 ManagementIpv6= Uuid=627a4a5d-3887-4c11-8ece-0c8f71d0802e ProviderUuid=627a4a5d-3887-4c11-8ece-0c8f71d0802e ProviderNodeId=1 isMaster=True replicationStatus=ENABLED
2021-09-28 08:15:30,052 DEBUG Tips.Util certhttp https_open(https://10.211.8.20/tipsapi/cluster/echo)
2021-09-28 08:15:30,052 DEBUG Tips.Util certhttp htts_class_wrapper({'timeout': None})
2021-09-28 08:15:30,052 DEBUG Tips.Util certhttp CertHTTPConnection(10.211.8.20 None None None None None {'timeout': None})
2021-09-28 08:15:30,053 DEBUG Tips.Util certhttp connect()
2021-09-28 08:15:30,090 DEBUG Tips.Util ClusterControlAPI _handle_exception( 10.211.8.20, echo GET, HTTP Error 401: basic auth failed)
2021-09-28 08:15:30,091 ERROR Tips.Util ClusterControlAPI 10.211.8.20 echo GET: cluster-control action failed
Traceback (most recent call last):
File "/usr/local/avenda/tips/lib64/python2.4/ClusterControlAPI.py", line 88, in _GET
resp = urllib2.urlopen(req, timeout=timeout)
File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib64/python2.7/urllib2.py", line 437, in open
response = meth(req, response)
File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib64/python2.7/urllib2.py", line 469, in error
result = self._call_chain(*args)
File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib64/python2.7/urllib2.py", line 926, in http_error_401
url, req, headers)
File "/usr/lib64/python2.7/urllib2.py", line 889, in http_error_auth_reqed
headers, None)
When I navigate to the URL listed in the error I get presented with an authentication window. I enter in the known admin/appadmin account and get "
HTTP ERROR 401"
Is there a different password that I should be using? Is the publisher cluster password desynced from the admin/appadmin account?
Can anyone point me in a better direction on troubleshooting this?------------------------------
Mike Traylor
------------------------------