Security

last person joined: 2 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass subscriber join failed

  • 1.  Clearpass subscriber join failed

    Posted Jul 03, 2019 09:52 AM

    Hello Airheads,

     

    I am trying to join cppm subscriber node  to publlisher. Both running on same version, NTP, same subnet, valid license. No port blocking between two IP's. But i am getting following error:

    c2.JPG

    Ping:

    c1.JPG

     

    any clue?



  • 2.  RE: Clearpass subscriber join failed

    Posted Jul 03, 2019 09:54 AM
    Do you have a firewall between the Pub and Sub ?
    If so make sure the following ports are allowed between the two nodes:
    https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/What-are-the-ports-that-need-to-be-opened-on-the-network/ta-p/175872

    What version are you running ?

    Sent from Mail for Windows 10


  • 3.  RE: Clearpass subscriber join failed

    Posted Jul 04, 2019 12:35 AM

    I'm running on 6.8.0.109592.

     

    No port blocking in firewall. Both VM's connected to same switch



  • 4.  RE: Clearpass subscriber join failed

    Posted Jul 04, 2019 01:03 AM
    Need to update the DB cert and include ip address in the SAN field.

    IP:xxx.xxx.xxx.xxx

    I believe there should have been something put in the release notes but im not positive.


  • 5.  RE: Clearpass subscriber join failed

    Posted Nov 26, 2019 07:42 AM

    I ran into the same issue with 6.8.0.109592 on a new L3 cluster over ipsecVPN.

     

    Both CPPM's where using the self signed cert.

     

    I created a new HTTPS server certificate signed by the internal domain-CA for both an added the domain-CA cert as trusted root. Afther this, the cluster was formed.

     

    P.S. I also included the CPPM IP in the SAN field of the CSR.