Security

 View Only
last person joined: 13 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Intune Extension 5 _ Error Loading version information

This thread has been viewed 60 times

  • 1.  ClearPass Intune Extension 5 _ Error Loading version information

    Posted Apr 29, 2021 01:58 PM
    Hello,

    I'm trying to setup the Extension,


    {
    "logLevel": "DEBUG",
    "verifySSLCerts": false,
    "tenantId": "dbxxxxxxxxxxxxxxxxxxxxxxx7e",
    "clientId": "1fxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1a",
    "clientSecret": "********",
    "dataPageSize": 50,
    "syncSchedule": "*/30 * * * *",
    "syncUpdatedOnly": true,
    "syncOnStart": true,
    "enableEndpointCache": false,
    "cacheTimeInSeconds": 900,
    "intuneAttributes": null,
    "cppmUserName": "CPPM_Extension",
    "cppmPassword": "********",
    "bypassProxy": false,
    "enableStats": true
    }


    but I always get this log entries.

    in the Firewall I can see connection to the IP 20.190.160.2, https inspection is of for this IP.
    And why is there an timout to 172.17.0.1 ?
    the log is set to debug.

    regards

    Timo




    ------------------------------
    Timo Bienert
    ------------------------------


  • 2.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted Apr 29, 2021 05:29 PM
    ETIMEDOUT in any extension log is typically related to a DNS, routing, firewall issue. If your asking what in the 172 address, the docker host for extension's will route everything out of CPPM {via MGMT interface} with a SRC of this address.

    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------

    Original Message


  • 3.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted Apr 29, 2021 06:55 PM
    Check Administration -> Server Manager -> Server Configuration
    Services Parameters Tab
    ClearPass system services  -> Extensions Network Address
    The default is the docker default 172.17.0.0/16 

    If you have any 172.17.0.0/16 addresses in your network you'll want to change this subnet.

    The 172.17.0.1 shouldn't be used for the extension's IP address, either leave it blank during install to get the one that's available or pick something else in the 172.17.0.0/16 network. You'll need the extension's IP address to use in building the HTTP Auth source so take note of it. 

    If you're running a Cluster install on the subscribers too with the same IP address. Check the 2021 "ClearPass Integration Guide Microsoft InTune" for the Cluster information as well.  Danny did a great job on it. 


    You'll likely want to add an HTTP Auth Source something like: 
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
  <TipsHeader exportTime="Thu Jan 10 20:15:15 EDT 2021" version="6.9"/>
  <AuthSources>
    <AuthSource description="Microsoft Intune ClearPass Extension" name="Intunev Extension v5" isAuthorizationSource="false" type="HTTP">
      <NVPair value="http://172.17.255.254/device/info" name="base_url"/>
      <NVPair value="YourUserNameHere" name="username"/>
      <NVPair value="YourPasswordHere" name="password"/>
      <NVPair value="60" name="timeout"/>
      <Filters>
        <Filter paramValues="" filterQuery="%{Connection:Client-Mac-Address-Hyphen}" filterName="Intune Authorization">
          <Attributes>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Azure AD Device Id" attrName="Intune Azure AD Device Id"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Azure AD Registered" attrName="Intune Azure AD Registered"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Compliance Grace Period Expiration Date Time" attrName="Intune Compliance Grace Period Expiration Date Time"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Compliance State" attrName="Intune Compliance State"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Device Category Display Name" attrName="Intune Device Category Display Name"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Device Enrollment Type" attrName="Intune Device Enrollment Type"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Device Name" attrName="Intune Device Name"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Device Registration State" attrName="Intune Device Registration State"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Eas Activated" attrName="Intune Eas Activated"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Eas Activation Date Time" attrName="Intune Eas Activation Date Time"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Email Address" attrName="Intune Email Address"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Enrolled Date Time" attrName="Intune Enrolled Date Time"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Exchange Access State" attrName="Intune Exchange Access State"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Exchange Access State Reason" attrName="Intune Exchange Access State Reason"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Exchange Last Successful Sync Date Time" attrName="Intune Exchange Last Successful Sync Date Time"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Free Storage Space in Bytes" attrName="Intune Free Storage Space in Bytes"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune ID" attrName="Intune ID"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="Boolean" aliasName="Intune Is Encrypted" attrName="Intune Is Encrypted"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="Boolean" aliasName="Intune Is Supervised" attrName="Intune Is Supervised"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Jail Broken" attrName="Intune Jail Broken"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="Date-Time" aliasName="Intune Last Sync Date Time" attrName="Intune Last Sync Date Time"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Last Updated" attrName="Intune Last Updated"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Managed Device Name" attrName="Intune Managed Device Name"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Managed Device Owner Type" attrName="Intune Managed Device Owner Type"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Management Agent" attrName="Intune Management Agent"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Manufacturer" attrName="Intune Manufacturer"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Model" attrName="Intune Model"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune OS Version" attrName="Intune OS Version"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Operating System" attrName="Intune Operating System"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Partner Reported Threat State" attrName="Intune Partner Reported Threat State"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Serial Number" attrName="Intune Serial Number"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Total Storage Space in Bytes" attrName="Intune Total Storage Space in Bytes"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune User Display Name" attrName="Intune User Display Name"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune User ID" attrName="Intune User ID"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune User Principal Name" attrName="Intune User Principal Name"/>
            <Attribute isUserAttr="false" isRole="false" attrDataType="String" aliasName="Intune Wi Fi MAC Address" attrName="Intune Wi Fi MAC Address"/>
          </Attributes>
        </Filter>
      </Filters>
    </AuthSource>
  </AuthSources>
</TipsContents>
​


    ------------------------------
    Michael Holden
    ------------------------------

    Original Message


  • 4.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted Apr 30, 2021 03:26 AM
    thanks for your reply, but I do not find the error.

    DNS is running.

    routing: I can see the Packages in the firewall and ping works to.
    and I can Ping and Traceroute the ip's





    We have an Cluster, and we have only installed it on the publisher, because we only want to to an periodically update to the endpoint db.
    As i understood the document right, that should be ok?

    We have one subnet with 172.16.0.0/16 but no 172.17.0.0/16

    Administration -> Server Manager -> Server Configuration ->Services Parameters Tab -> ClearPass system services -> Extensions Network Address
    is set to 172.17.0.1/16






    ------------------------------
    Timo Bienert
    ------------------------------

    Original Message


  • 5.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted Apr 30, 2021 08:59 AM
    Make sure that you  change the extension's IP so it's not the same as the docker gateway (172.17.0.1)



    ------------------------------
    Michael Holden
    ------------------------------

    Original Message


  • 6.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted May 03, 2021 01:09 AM
    Still the same :-(





    ------------------------------
    Timo Bienert
    ------------------------------

    Original Message


  • 7.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    MVP GURU
    Posted May 03, 2021 08:17 AM
    Hi Timo,

    Do you have restart the service ?

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 8.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted May 03, 2021 09:09 AM
    Hi,

    I have restarted the Extension service, Unfortunately without success.

    ------------------------------
    Timo Bienert
    ------------------------------

    Original Message


  • 9.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    MVP GURU
    Posted May 03, 2021 11:02 AM
    open a case to TAC...

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 10.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    MVP GURU
    Posted May 03, 2021 11:02 AM
    open a case to TAC...

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 11.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted May 03, 2021 12:57 PM
    So the log 'error loading version information' is the extension making a call to CPPM to check the version of CPPM running. The code branches based upon its version and some of the underlying API's in different version of CPPM.

    I'm thinking the failure might be because you have API restriction enabled on CPPM. Can you check.....

    Administration> System Manager> <CPPM Publisher> >Network > Application Access control 

    Do you have any restrictions in place?

    Also have you configured a CPPM Proxy that the extension with adopt, if Yes does the proxy allow CPPM to get to InTune?

    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------

    Original Message


  • 12.  RE: ClearPass Intune Extension 5 _ Error Loading version information

    Posted 5 hours ago

    We are having the same issue while integrating MS Intune API into ClearPass. In the first step, we modified the 172.17.0.1/16 to 172.17.0.2/16 as part of troubleshooting. This change didn't work-the permissions in the Intune portal were provided as mentioned in the Aruba Document.

    Finally, we reverted the changes of system services under service parameters.


    Original Message