Security

last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Error 106 - Still Sending RADIUS Response?

Jump to Best Answer
This thread has been viewed 9 times
  • 1.  ClearPass Error 106 - Still Sending RADIUS Response?

    MVP
    Posted Jul 12, 2019 12:16 PM

    We have an unusual issue with one of our CPPM servers where the RADIUS and Policy services continue running, but I'm receiving Error Code 106:

    Error Message:
    Internal error in RADIUS server

    My question is when the server does not match a service and has this error, does it return a RADIUS reject or do the request normally timeout on the NAS side? This is for Cisco wired 802.1x/MAC Auth. We are looking at our configuration options and need to know if a response is returned or not.

     

    Thanks.



  • 2.  RE: ClearPass Error 106 - Still Sending RADIUS Response?

    EMPLOYEE
    Posted Jul 12, 2019 12:28 PM

    Are you not seeing any authentication failures in access tracker with this error message?

     

    Some time we see this error message if their is delay in authenticaton/authorization source radius response. Can you cross check if their is time sync and network delay issue.

     

     

     



  • 3.  RE: ClearPass Error 106 - Still Sending RADIUS Response?

    MVP
    Posted Jul 12, 2019 12:35 PM

    No delays, after this starts every request from that point forward we receive rejected RADIUS requests with that error code. I've got a TAC case open and restarting the policy service fixes it, but in between this event and us identifying that, we are having a lot of users affected. We want to do some configuration on our switches to help with a failure like this, but depends on if we are receiving a rejected radius response or no radius response.



  • 4.  RE: ClearPass Error 106 - Still Sending RADIUS Response?
    Best Answer

    MVP
    Posted Jul 12, 2019 03:36 PM

    I was able to confirm with my TAC engineer that a RADIUS response does not take place because the failure is happening in the beginning stages of the request handling and does not go far enough to process an accept or reject response.

     

    Thanks for the help everyone.



  • 5.  RE: ClearPass Error 106 - Still Sending RADIUS Response?

    EMPLOYEE
    Posted Jul 15, 2019 07:31 AM

    Yes, radius thread handles the request, if radius request coming in and their is no response or delay from authentication source, number of request in queue will increase and certain point thread will run out which result in authentication failure and restart serivce will fix it temperorly for but we need to look in to dealy which causing it.

     

     



  • 6.  RE: ClearPass Error 106 - Still Sending RADIUS Response?

    Posted Sep 13, 2019 03:13 PM

    Were you able to find a solution for this issue?

     

    Thanks



  • 7.  RE: ClearPass Error 106 - Still Sending RADIUS Response?

    MVP
    Posted Sep 13, 2019 03:43 PM

    Yes, we have Microsoft Intune integrated as an authorization source via API and our CPPM server did not have access to reach Intune. By default there is a 27 second (I believe) timeout per request in our current version of code (6.7.5) and because we have so many authentication requests per second, the queue just got backed up and couldn't process any requests anymore. Removing Microsoft Intune as an authorization source resolved the issue. Supposidly in later versions of CPPM (6.8.x) this timeout value is configurable.



  • 8.  RE: ClearPass Error 106 - Still Sending RADIUS Response?

    Posted Oct 15, 2019 02:07 AM

    This error occurred to me when trying to swap the names of the shelf registrations base page in configuration -> pages.
    Solution is a new non-copied registration page.
    I think the database can't properly track the changes.