Security

Hi All,

I have uncovered an issue with the log restore process in CPPM 6.4 which i thought was worthy of sharing in case anybody else runs into it. 

In the ClearPass Policy Manager Tech Note - Performing an Upgrade to Policy Manager 6.4 it states:

Restoring the Session Log Database

To reduce downtime during the upgrade process, the default upgrade behavior backs up the Session Log Database and Access Tracker records, but they are not restored as part of the upgrade. If required, you can manually restore them after the upgrade through the user interface.

All services are accessible and the services can handle requests during the restoration, but there is a performance impact while

the restoration is in progress. Aruba recommends that you perform this operation during a planned change window.

I have found that this is the case only some times. 

When i performed this upgrade and subsequent restore in my lab environment (using VM-500), i found that it worked successfully and restored as planned. 

When i tried in my pre-prod environment (using HW-500) with a 2 node cluster, it failed to restore the databases and displayed the following error message:

After contacting the TAC i was advised that i needed to stop the cpass-radius-server process in order to allow exclusive access to the tipsLogDb for log recovery. 

This means that the server is essentially out of service whilst the log restore takes place. 

When i stopped the service and reattempted the restore it worked fine on both nodes. I then restarted the service and resumed normal operation. 

I'm not sure whether its the documentation thats wrong or some bug in the restore process but it does require some changes to be made. I have asked for doco to be reviewed.

Hopefully this saves someone some pain!

Scott