Security

last person joined: 3 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

Jump to Best Answer
  • 1.  ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

    Posted Jan 31, 2018 02:02 AM

    Hello everyone,

     

    One of our customers has a ClearPass setup with Publisher/Subscriber, where the Subscriber is on a different location. They want to use Onboard for the employee devices. For the Publisher everything works as expected, but on the Subscriber, the Onboard Portal page is shown, one is able to log in with the AD Credentials, you can see an Acceppt Message in the ClearPass, but the Client gets the error: "Invalid response from publisher (No session key in response)". This error is independent form the device to onboard. 

     

    Could anyone help me withe a clue where this issue comes from?

     

    Regards,

     

    Marian



  • 2.  RE: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response
    Best Answer

    Posted Jan 31, 2018 02:07 AM
    Users should be directed to the Onboard portal on the publisher, not the subscribers.


  • 3.  RE: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

    Posted Jan 31, 2018 02:10 AM

    Does "should" mean it does not work on the subscriber, or does it mean that it is better to direct the the user to the Publisher?



  • 4.  RE: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

    Posted Jan 31, 2018 04:56 AM

    It shouldn't ;) matter if you onboard on pub or or sub. There are mechanics in the background that handles the sync between the pub and subs.

     

    That said - can you verify that the sync between the pub and sub is OK? Or is there a high latency between them? What about the clock - are they in sync?



  • 5.  RE: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

    Posted Jan 31, 2018 05:35 AM

    Both servers use an internal ntp server, so time should be in sync, but there is a WAN connection between the servers.

     

    BTW. Guest works fine with the subscriber.



  • 6.  RE: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

    Posted Feb 07, 2018 03:22 AM

    I finally mitigated this issue by redirecting to the publisher only.



  • 7.  RE: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

    Posted Apr 03, 2019 09:24 PM

    HI All,

     

    i've just run into this issue myself in 6.6.

     

    My understanding was also that you could complete guest and onboard operations on a subscriber, provided that the publisher was reachable. 

     

    Is this no longer the case?

     

    Scott