Security

 View Only
Expand all | Collapse all

ClearPass Intune Extension 5 _ Error Loading version information

This thread has been viewed 72 times
  Thread closed by the administrator, not accepting new replies.
  • 1.  ClearPass Intune Extension 5 _ Error Loading version information

    Posted Apr 29, 2021 01:58 PM
    No replies, thread closed.
    Hello,

    I'm trying to setup the Extension,


    {
    "logLevel": "DEBUG",
    "verifySSLCerts": false,
    "tenantId": "dbxxxxxxxxxxxxxxxxxxxxxxx7e",
    "clientId": "1fxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1a",
    "clientSecret": "********",
    "dataPageSize": 50,
    "syncSchedule": "*/30 * * * *",
    "syncUpdatedOnly": true,
    "syncOnStart": true,
    "enableEndpointCache": false,
    "cacheTimeInSeconds": 900,
    "intuneAttributes": null,
    "cppmUserName": "CPPM_Extension",
    "cppmPassword": "********",
    "bypassProxy": false,
    "enableStats": true
    }


    but I always get this log entries.

    in the Firewall I can see connection to the IP 20.190.160.2, https inspection is of for this IP.
    And why is there an timout to 172.17.0.1 ?
    the log is set to debug.

    regards

    Timo




    ------------------------------
    Timo Bienert
    ------------------------------


  • 2.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted Apr 29, 2021 05:29 PM
    No replies, thread closed.
    ETIMEDOUT in any extension log is typically related to a DNS, routing, firewall issue. If your asking what in the 172 address, the docker host for extension's will route everything out of CPPM {via MGMT interface} with a SRC of this address.

    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------



  • 3.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted Apr 29, 2021 06:55 PM
    No replies, thread closed.
    Check Administration -> Server Manager -> Server Configuration
    Services Parameters Tab
    ClearPass system services  -> Extensions Network Address
    The default is the docker default 172.17.0.0/16 

    If you have any 172.17.0.0/16 addresses in your network you'll want to change this subnet.

    The 172.17.0.1 shouldn't be used for the extension's IP address, either leave it blank during install to get the one that's available or pick something else in the 172.17.0.0/16 network. You'll need the extension's IP address to use in building the HTTP Auth source so take note of it. 

    If you're running a Cluster install on the subscribers too with the same IP address. Check the 2021 "ClearPass Integration Guide Microsoft InTune" for the Cluster information as well.  Danny did a great job on it. 


    You'll likely want to add an HTTP Auth Source something like:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
      <TipsHeader exportTime="Thu Jan 10 20:15:15 EDT 2021" version="6.9"/>
      <AuthSources>
        <AuthSource description="Microsoft Intune ClearPass Extension" name="Intunev Extension v5" isAuthorizationSource="false" type="HTTP">
          <NVPair value="http://172.17.255.254/device/info" name="base_url"/>
          <NVPair value="YourUserNameHere" name="username"/>
          <NVPair value="YourPasswordHere" name="password"/>
          <NVPair value="60" name="timeout"/>
          <Filters>
            <Filter paramValues="" filterQuery="%{Connection:Client-Mac-Address-Hyphen}" filterName="Intune Authorization">
              <Attributes>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Azure AD Device Id" attrName="Intune Azure AD Device Id"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Azure AD Registered" attrName="Intune Azure AD Registered"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Compliance Grace Period Expiration Date Time" attrName="Intune Compliance Grace Period Expiration Date Time"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Compliance State" attrName="Intune Compliance State"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Device Category Display Name" attrName="Intune Device Category Display Name"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Device Enrollment Type" attrName="Intune Device Enrollment Type"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Device Name" attrName="Intune Device Name"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Device Registration State" attrName="Intune Device Registration State"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Eas Activated" attrName="Intune Eas Activated"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Eas Activation Date Time" attrName="Intune Eas Activation Date Time"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Email Address" attrName="Intune Email Address"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Enrolled Date Time" attrName="Intune Enrolled Date Time"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Exchange Access State" attrName="Intune Exchange Access State"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Exchange Access State Reason" attrName="Intune Exchange Access State Reason"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Exchange Last Successful Sync Date Time" attrName="Intune Exchange Last Successful Sync Date Time"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Free Storage Space in Bytes" attrName="Intune Free Storage Space in Bytes"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune ID" attrName="Intune ID"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="Boolean" aliasName="Intune Is Encrypted" attrName="Intune Is Encrypted"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="Boolean" aliasName="Intune Is Supervised" attrName="Intune Is Supervised"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Jail Broken" attrName="Intune Jail Broken"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Last Sync Date Time" attrName="Intune Last Sync Date Time"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Last Updated" attrName="Intune Last Updated"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Managed Device Name" attrName="Intune Managed Device Name"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Managed Device Owner Type" attrName="Intune Managed Device Owner Type"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Management Agent" attrName="Intune Management Agent"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Manufacturer" attrName="Intune Manufacturer"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Model" attrName="Intune Model"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune OS Version" attrName="Intune OS Version"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Operating System" attrName="Intune Operating System"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Partner Reported Threat State" attrName="Intune Partner Reported Threat State"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Serial Number" attrName="Intune Serial Number"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Total Storage Space in Bytes" attrName="Intune Total Storage Space in Bytes"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune User Display Name" attrName="Intune User Display Name"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune User ID" attrName="Intune User ID"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune User Principal Name" attrName="Intune User Principal Name"/>
                <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Wi Fi MAC Address" attrName="Intune Wi Fi MAC Address"/>
              </Attributes>
            </Filter>
          </Filters>
        </AuthSource>
      </AuthSources>
    </TipsContents>
    ​


    ------------------------------
    Michael Holden
    ------------------------------



  • 4.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted Apr 30, 2021 03:26 AM
    No replies, thread closed.
    thanks for your reply, but I do not find the error.

    DNS is running.

    routing: I can see the Packages in the firewall and ping works to.
    and I can Ping and Traceroute the ip's





    We have an Cluster, and we have only installed it on the publisher, because we only want to to an periodically update to the endpoint db.
    As i understood the document right, that should be ok?

    We have one subnet with 172.16.0.0/16 but no 172.17.0.0/16

    Administration -> Server Manager -> Server Configuration ->Services Parameters Tab -> ClearPass system services -> Extensions Network Address
    is set to 172.17.0.1/16






    ------------------------------
    Timo Bienert
    ------------------------------