Security

 View Only
last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass 6.9.13 HF1 -> Profiler unstable

This thread has been viewed 86 times
  • 1.  Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 09, 2023 10:20 AM

    Hi there!


    I've updated our Clearpass servers to 6.9.13 Hotfix 1 and now every hour there's an error message for the profiler.

    The message says that both of our profilers are unstable and clients aren't profiled anymore. See screenshots below:

    Anyone else had this problem or knows an solution?

    Thank you for you're reply!

    Best regards, Rob



  • 2.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    MVP GURU
    Posted Mar 09, 2023 10:41 AM

    I have not. Does a reboot fix this? This may be a TAC call....



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 10, 2023 01:59 AM

    A reboot sadly doesn't fix the problem. 

    Is it possible for me to contact TAC directly? Without our IT-partner or do I need them for the call?




  • 4.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 10, 2023 02:56 AM

    Hi Rob

    If you can contact Aruba TAC or should contact your IT partner depends on what type of support agreement you have. If you have the standard support you may contact Aruba directly, but if you have partner branded support you should contact your IT partner.

    Maybe you need to ask your partner about the type of support if you don't have the information at hand.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACMP, ACDP, ACP-Network Security, ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 5.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    MVP EXPERT
    Posted Mar 10, 2023 05:51 AM

    I've just seen this on 6.11.2

    I normally run 6.10.7. Built a new VM of 6.11.1 and upgraded it to 6.11.2

    Checked some dot1x auths on my wifi and everything seemed to work...didnt notive that all the devics on my psk network were failing to connect with this message. couldnt see any auth requests from them. 

    Shut down the  6.11.2 brought up the 6.10.7 and everything works

    A




  • 6.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 15, 2023 11:54 AM

    I also see the same errors (every hours) on my Lab CPPM that I have upgraded to 6.11.2

    As it is a Lab system running Eval licenses I cannot open a TAC Case.

    Seems related to the fix for "ARUBA-PSA-2023-003 :: ClearPass Policy Manager Multiple Vulnerabilities (Rev-1)"




  • 7.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 15, 2023 12:03 PM

    TAC said defect CP-49545 was created for this and there is no impact to services, it is cosmetic only.




  • 8.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    MVP EXPERT
    Posted Mar 15, 2023 05:41 PM
    Hmmm cosmetic


    Got net with ~ 100 devices 6.10.7 works flawlessly and profiles everything

    Replace with 6.11.2 ….. and my eap-tls devices work and all my wap2-psk devices fail to connect

    Amazon echo, roku, pioneer amp , lg tv non of them connect.
    Move back to 6.10.7 …. They all spring back to life


    Course might be something else … and nee to fire up 6.11.2 again … just in case

    But ….




  • 9.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    MVP EXPERT
    Posted Mar 15, 2023 05:28 PM
    Bit worrying given the CVE that’s just come out that affects 6.11.1 and you need 6.11.2 if all your fingerprinted devices aren’t profiled. Interestingly enough it was only for my wpa2-psk devices, the wpa2-enterprise devices seemed to be ok
    A




  • 10.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 10, 2023 08:22 AM

    Yes, I have had a case open for a couple of days and the TAC is looking into it. They report others are having the same issue. Wouldn't hurt to open a ticket so they know the extent of the issue if nothing else.




  • 11.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 16, 2023 09:22 AM

    I also have a TAC case on this issue  and the just told me that also clearpass 6.11.2 and 6.10.8 HF  are experiencing the same fault.

    no fix at the moment.




  • 12.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 18, 2023 06:29 AM

    TAC is saying this is cosmetic, but I see some complaining about profiler not working.

    Is profiler still working even with the message?




  • 13.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    EMPLOYEE
    Posted Mar 20, 2023 06:06 AM

    Appartently for some users (seems related to IPv4 only networks), profiling is reported to stop in some cases. I would expect an update to this hotfix. Please work with Aruba Support on specific guidance, but if you can hold the HF1 for a moment and wait for HF2 that may be the best. Again, check with TAC for specific guidance.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 14.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 21, 2023 02:11 AM

    Hi All!

    I've installed the Hot Fix 2 and I can confirm profiling is working again. (Its a small fix, like 36MB)

    Thank you for you're reply's!



  • 15.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 21, 2023 04:46 AM

    installed the new hotfix and the problem seems to be solved.




  • 16.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    MVP EXPERT
    Posted Mar 21, 2023 08:17 AM
    Except its not available (?) for 6.11.2 :-(




  • 17.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    Posted Mar 24, 2023 09:00 AM

    Anyone use TCP Fingerprint for endpoint profiling here ?

    I asked same question in my thread as well.




  • 18.  RE: Clearpass 6.9.13 HF1 -> Profiler unstable

    EMPLOYEE
    Posted Mar 28, 2023 05:14 AM

    TCP Fingerprinting is out of topic for this discussion. Please open a new discussion for that.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------