Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

CPPM Authentication Sources Active Directory - Update Servers

  • 1.  CPPM Authentication Sources Active Directory - Update Servers

    Posted Jul 28, 2020 09:34 AM

    We are in the process of demoting some older Active Directory servers and replacing them with new ones. This requires a change to the Authentication Sources - Active Directory in CPPM.

     

    Whenever I try to make a change here I get the message "Cluster operations in progress. Modifications temporarily suspended on Publisher node."

     

    I found this as a possible solution:

     

    Log in to Publisher UI and perform Drop subscriber (on designated standby whose cluster sync status = IN_PROGRESS).

    - On Publisher, Drop subscriber will be refused, and an error will be prompted to disable Designated Standby configuration.

    - Disable the Designated Standby settings using Cluster wide parameters.

    - If subscriber node is part of VIP configuration, Drop subscriber will be refused again, and an error is prompted to disable/remove the corresponding VIP configuration. 

    - After disabling the above, Drop subscriber completes successfully on Publisher

    - Since cluster is out of sync, manually reset the database on Subscriber and perform Make subscriber on this node.

    - Once the subscriber is added back to cluster, reconfigure the VIP and Designated standby configuration as before.

     

    But I am not sure if this is the correct way to handle this. Has anyone run into this situation?



  • 2.  RE: CPPM Authentication Sources Active Directory - Update Servers

    Posted Jul 30, 2020 05:29 AM

    Do you know what kind of cluster operation is in progress? Did you trigger something?

     

    Do you feel this is related to the changes you have in your AD Environment?

    Or is it something in your cluster that prevents you from changing AD as you can't change anything on ClearPass?

     

    It may be best to reach out to Aruba Support in this case. Your suggested approach may work but might not be needed.



  • 3.  RE: CPPM Authentication Sources Active Directory - Update Servers

    Posted Jul 30, 2020 12:53 PM

    Thanks, I did contact TAC and recommended a restart of CPPM; that did correct the issue.