Security

last person joined: 7 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

clearpass cluster status Node Disabled, how to recover?

Jump to Best Answer
  • 1.  clearpass cluster status Node Disabled, how to recover?

    Posted Aug 25, 2014 05:35 AM

    doing some testing with clearpass cluster (version 6.3) and had a subscriber down for over 1 day. in the logging i noticed it went to status disabled after some time. now i started the subscriber again and was wondering if i can get it in the cluster without a drop / rejoin. checked the GUI, CLI and manual but can't find a hint.

     

    the whole idea of node disabled status makes me believe i can enable it somehow, is that true or is drop and rejoin the only thing to do?



  • 2.  RE: clearpass cluster status Node Disabled, how to recover?
    Best Answer

    Posted Aug 25, 2014 09:05 AM

    When subscriber (configured as Designated Standby) went out of sync, you may have noticed that Publisher marks the node as disabled / cluster sync status is disabled.

     

    In such a situation, please use the below steps:

    1.     On a subscriber node (configured as Designated Standby), if needed take a logdb backup.

    2.     Perform a "cluster reset-database" (easily done in CLI)

    3.     Perform “Make-Subscriber” operation to join back into cluster (using either UI / CLI).

    4.     After the node is joined as subscriber, check if VIP Service is running on the new subscriber. If stopped, please start the same.

    5.     This will succeed and High Availability features like VIP and Publisher Standby configurations are restored on this Subscriber node.

     

    Note: In the above steps, you need not drop any of the high availability features before joining the out of sync/disabled Designated standby into cluster. This way, time spent in getting back the out of sync subscriber node (or designated standby) back in action, is much lesser.



  • 3.  RE: clearpass cluster status Node Disabled, how to recover?

    Posted Aug 25, 2014 10:36 AM

    thanks Seth, if that the way it is, i will go that route.



  • 4.  RE: clearpass cluster status Node Disabled, how to recover?

    Posted Aug 26, 2014 04:39 AM

    hey Seth i tried your stept but it seems to fail, the old subscriber is reset and rejoins but the then it remains out of sync and this increases with every attempt. should it have worked in 6.3?



  • 5.  RE: clearpass cluster status Node Disabled, how to recover?

    Posted Aug 26, 2014 05:02 AM
    Depending on resources it may take a while for it to come up active.

    Make sure you

    1. remove the VIP
    2. do force drop on the publisher to make sure it is no longer showing on the dash board.
    3. Do a db reset on the sub
    4. I usually do a reboot on the sub after
    5. In the cli do a sub join.

    I've done quite a few tests and at a few sites it took awhile with a large database and or a Eval VM that is running on a min resources.


  • 6.  RE: clearpass cluster status Node Disabled, how to recover?

    Posted May 27, 2015 11:18 AM

    And this was a lifesaver. As a result of this I managed to rebuild my CPPM cluster after a disastrous atempt at using theweb based upgrade utility