Can you share the log that provides you the information that the primary authentication server is failing?
What is the type of your authentication source? Is it Active Directory?
Can you 'search' the primary server in the Authentication Source configuration screen?
If the primary authentication source is failing structurally, I would create a copy of your authentication source and swap the primary and backup such that the secondary that is working is taken first, while researching the issue. Apply that copy then in your service.
It may be wise to work with your Aruba partner or Aruba support, also to get your upgrade planned.
If you lost the CLI login credentials, you can reset the appadmin password by changing the 'cluster password' in the Cluster-wide parameters. The Cluster password and the appadmin account password for SSH/CLI access are the same.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Mar 02, 2021 03:43 AM
From: Stu Mills
Subject: Authentication Source: ClearPass Showing that it's NOT hitting primary DC first
Hi,
To be honest, I am not sure which certificate is attached to this process. It seems I have a number of certs, which are mostly disabled. I have enabled the first in the list to see whether I can track the cert info in regard to the errors/timeouts.
I did swap temporarily to port 389; however, that didn't seem to make any difference.
We are running 6.7.2.105008. However, we would like to upgrade, but we are nervous to, in case the system doesn't come back (as I do not have the creds for the back end of ClearPass-CLI etc).
What advantages would there be to upgrade?
--
Kind Regards
Stuart J Mills
Service Desk Analyst
working hours 0800-1600
DIS Dresden International School gGmbH
Sitz der Gesellschaft | Company Register: Annenstr. 9, 01067 Dresden
Registergericht | Court of registration: Amtsgericht Dresden, HRB 35540
Geschäftsführung | Executive Board: Steven Calland-Scoble, Andrea Harnisch
Original Message:
Sent: 2/26/2021 5:12:00 PM
From: mkk
Subject: RE: Authentication Source: ClearPass Showing that it's NOT hitting primary DC first
Which port is used in your authentication source? 389 or 636?
- Can you search the AD tree in the primary and backup configuration?
- Are they both configured as 389 or 636 (LDAP over SSL)?
Check the ClearPass Certificate Trust store and see whether yours uses just one root CA certificate for the purpose of LDAP.
Check the monitor > event viewer for any logs.
Maybe try temporarily to run port 389 (without SSL encryption) for any changes. Strongly recommended to keep using 636 LDAP over SSL in production.
What ClearPass version do you run?
------------------------------
Marcel Koedijk | MVP Guru 2021 | ACMP | ACCP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
Original Message:
Sent: Feb 26, 2021 08:18 AM
From: Stu Mills
Subject: Authentication Source: ClearPass Showing that it's NOT hitting primary DC first
Hi There,
I have recently taken over a role, and a more suspect network. I am seeing a few too many timeouts at the moment. Looking at the Auth Source, I can see that they are not hitting the primary DC, but the backup first. I would assume that this is the cause of the timeouts; however, I am unclear why the primary DC isn't working as it should. I haven't done a deep dive as yet (as no one is screaming ...yet). I just wanted to ask the community if you had any advice in this situation.
Regards
------------------------------
Stu Mills
------------------------------