We have an unusual issue with one of our CPPM servers where the RADIUS and Policy services continue running, but I'm receiving Error Code 106:
My question is when the server does not match a service and has this error, does it return a RADIUS reject or do the request normally timeout on the NAS side? This is for Cisco wired 802.1x/MAC Auth. We are looking at our configuration options and need to know if a response is returned or not.
Are you not seeing any authentication failures in access tracker with this error message?
Some time we see this error message if their is delay in authenticaton/authorization source radius response. Can you cross check if their is time sync and network delay issue.
No delays, after this starts every request from that point forward we receive rejected RADIUS requests with that error code. I've got a TAC case open and restarting the policy service fixes it, but in between this event and us identifying that, we are having a lot of users affected. We want to do some configuration on our switches to help with a failure like this, but depends on if we are receiving a rejected radius response or no radius response.
I was able to confirm with my TAC engineer that a RADIUS response does not take place because the failure is happening in the beginning stages of the request handling and does not go far enough to process an accept or reject response.
Thanks for the help everyone.
Yes, radius thread handles the request, if radius request coming in and their is no response or delay from authentication source, number of request in queue will increase and certain point thread will run out which result in authentication failure and restart serivce will fix it temperorly for but we need to look in to dealy which causing it.
Were you able to find a solution for this issue?
Yes, we have Microsoft Intune integrated as an authorization source via API and our CPPM server did not have access to reach Intune. By default there is a 27 second (I believe) timeout per request in our current version of code (6.7.5) and because we have so many authentication requests per second, the queue just got backed up and couldn't process any requests anymore. Removing Microsoft Intune as an authorization source resolved the issue. Supposidly in later versions of CPPM (6.8.x) this timeout value is configurable.
This error occurred to me when trying to swap the names of the shelf registrations base page in configuration -> pages.Solution is a new non-copied registration page.I think the database can't properly track the changes.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.