One of our customers has a ClearPass setup with Publisher/Subscriber, where the Subscriber is on a different location. They want to use Onboard for the employee devices. For the Publisher everything works as expected, but on the Subscriber, the Onboard Portal page is shown, one is able to log in with the AD Credentials, you can see an Acceppt Message in the ClearPass, but the Client gets the error: "Invalid response from publisher (No session key in response)". This error is independent form the device to onboard.
Could anyone help me withe a clue where this issue comes from?
Does "should" mean it does not work on the subscriber, or does it mean that it is better to direct the the user to the Publisher?
It shouldn't ;) matter if you onboard on pub or or sub. There are mechanics in the background that handles the sync between the pub and subs.
That said - can you verify that the sync between the pub and sub is OK? Or is there a high latency between them? What about the clock - are they in sync?
Both servers use an internal ntp server, so time should be in sync, but there is a WAN connection between the servers.
BTW. Guest works fine with the subscriber.
I finally mitigated this issue by redirecting to the publisher only.
i've just run into this issue myself in 6.6.
My understanding was also that you could complete guest and onboard operations on a subscriber, provided that the publisher was reachable.
Is this no longer the case?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.