If you do some testing in our production ClearPass, be sure not to have expired RADIUS service certificates. We had one just expire (meant to fix it next week as it was for new service I was testing on) and this caused our whole CPPM cluster to fail. Might have been because I was adding a new subscriber which might have done a refresh for the RADIUS service.
In all our CPPM servers RADIUS service stopped and didn't start.
Problem was that the RADIUS service certificate mapped to a service under Authentication -> Service Certificate expired. After we switched it to a valid certificate everything started working again.
This was on 6.8.2
(btw is it possible to update subscribers first to a newer version and only after that the publisher?)
It is well known that if the radius certificate expires the radius service stops: https://community.arubanetworks.com/t5/Security/CPPM-RADIUS-cert/td-p/271086
You can also configure clearpass to alert you via email when this happens: https://community.arubanetworks.com/t5/Security/Radius-Certificate-Expiration-Alert/m-p/552596#M45658
Wonder if this mentioned in the manuals? Of course it's my fault for not updating the certificate, but for future reference I'd like to check if there are other similar things that I should be aware of.
Now the expired certificate issue is very well known to us too
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.