Security

last person joined: 14 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

CPPM 6.10.x NTP error message

This thread has been viewed 21 times
  • 1.  CPPM 6.10.x NTP error message

    Posted Jul 28, 2021 03:41 AM
    I've a cluster of 2 * 6.0.1 servers configured to use NTP .
    While everything looks o.k. on the master publisher, in the event log for the secondary you get an error message for an ntp server that is the master publisher. The ntp server is another host on my network



    ------------------------------
    Alex Sharaz
    ------------------------------


  • 2.  RE: CPPM 6.10.x NTP error message

    Posted Jul 28, 2021 04:22 PM
    Do you have check, The NTP is not blocked for secondary ClearPass ?

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: CPPM 6.10.x NTP error message

    Posted Jul 28, 2021 05:12 PM
    Both servers are on same subnet Setup is


    1 * 2930 switch
    2 * Mac minis
    2 * Vmware Fusion
    1 cppm VM on each Mac mini
    All ip addresses on same net

    Why would the secondary think the master publisher is an ntp server when the config points them at there real ntp server … also on the same net

    A




  • 4.  RE: CPPM 6.10.x NTP error message

    Posted Jul 29, 2021 10:59 AM
    Subscribers will use the publisher as NTP server in addition to the configured server(s), which will help to get them synced if external NTP is lost. Cluster nodes should never be out of time-sync.

    And in my lab, I don't see these event errors. Did you heavily locked down the service ACLs maybe?

    Or could it be that VMware fusion (or the Mac mini running it) is blocking access? Note that Fusion is not supported as Hypervisor; but it probably allows you to do a tcpdump on the host and see the ntp traffic and possibly what happens to it.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: CPPM 6.10.x NTP error message

    Posted Jul 29, 2021 11:13 AM
    Running 2 cppm nodes as standalone everything is just fine. As soon as I subscribe one to the other I get the error message. I’ll have a look see if there are any fusion related things. …. certainly worked ok in 6.9.6




  • 6.  RE: CPPM 6.10.x NTP error message

    Posted Jul 29, 2021 11:14 AM
    Forgot

    No service related ACLs anywhere




  • 7.  RE: CPPM 6.10.x NTP error message

    Posted 24 days ago
    We have the same warning on all of our 4 ClearPass-servers, Aruba TAC checked in the backend, and NTP is working correctly..
    This error was introduced with 6.9.x i think... We are now on 6.10.1 and still have the same warning.
    As long that the time on all servers in the cluster have the same time you're okey.


  • 8.  RE: CPPM 6.10.x NTP error message

    Posted 24 days ago
    Thanks for the reply. Yup I’m just ignoring it for now

    Rgds
    Alex