I had a subscriber offline for a day, which was long enough to cause issues with the cluster syncing. Besides dropping the subscriber from the cluster, is there any other way of resolving an out of sync issue?
I’ve never found a better way. Dropping is the safest/cleanest. I usually stop TACACS and RADIUS services on the subscriber before I drop it so the NADs put the server out of service.
As of today that is your only option.
Worked great for me. One of my nodes was out-of-sync because of asymmetric routing. We also use WAN acceleration, so in order to prevent any problem I've added rules on these devices to bypass traffic among all cluster nodes.
Looks like I have a similar problem.
Our Subscriber today is reporting that it is out of sync.
I believe it is due to an extended downtime of the Subscriber server.
I didn't form the initial cluster so I am a little shaky on the steps.
Would I take the following steps?
Thank you very much for confirming the steps!
Good to know about the services. I will keep that in mind when I am ready to repair the cluster.
The only reason I recommend manually stopping the TACACS and RADIUS services is that it gives the controllers/switches more time to age out the auth server.
Thanks for the explanation @cappalli!
Sorry for my ignorance but I was just wondering about the age out time. Would this be beneficial if on your controllers/switches you had a secondary auth server configured? Or does this help with preventing the controllers/switches needlessly sending requests?
I had a situation: one of my subscribers went out of sync for more than 24 hours, and the publisher declared it out of sync. Therefore, I dropped the subscriber from the cluster via the subscriber node.
After I rejoined the cluster, all its authenticated machine cache had been erased. Therefore it was not accepting any user auth due to the absence of machine auth. Then I needed to reboot the machines to get the machine auth done.
Did I do something wrong in rejoining the cluster? Is this expected behaviour, or is there a better way to do things?
I can't speak to whether or not the machine cache being cleared is normal or not.
You can avoid this issue though by writing an attribute into the endpoint database when a machine successfully authenticates. Then use a role mapping to give the machine a role based on that attribute.
This is especially helpful with laptops that disappear on a business trip and then the user comes back, but has put their laptop to sleep and not signed out.
As of today, is it still the only solution to drop a subscriber if it's out of sync?
That would mean if you're using VIPs on that node, you need to delete them and set up everything again after re-adding the node?
That would cause downtime in my case...
Many thanks in advance.
It is not always necessary to drop the subscriber and rejoin the cluster if it is out of sync. You need to check the logs to see why it went out of sync.
We could try restarting the DB replication service and check the status.