Security

 View Only
Expand all | Collapse all

ClearPass Intune extension HTTP attribute query returned error=400

This thread has been viewed 65 times
  • 1.  ClearPass Intune extension HTTP attribute query returned error=400

    Posted Nov 15, 2023 08:12 AM

    Hi Guys,

    I'm having issues with the Intune extension.

    HTTP attribute query returned error=400

    Without selecting the authorization, it works, but ClearPass cannot query in Intune.

    Intune exension logging s empty, looks like the request will not reach the extension or something like that.

    Does anyone have a tip?

    Bet regards,

    Erik



  • 2.  RE: ClearPass Intune extension HTTP attribute query returned error=400

    Posted Nov 15, 2023 05:07 PM

    the intune extension log should show something.

    I suggest stop the extension and restart it and see its logs.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: ClearPass Intune extension HTTP attribute query returned error=400

    Posted Nov 30, 2023 08:52 AM

    Error 400 means in most cases that the device that you query is not in Intune. Note that with the recent versions of the ClearPass Intune Extension, you need to query based on the Intune Device ID, no longer on the MAC adress as in earlier versions.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 4.  RE: ClearPass Intune extension HTTP attribute query returned error=400

    Posted Dec 11, 2023 09:08 AM

    Hello @Herman Robers,

    I am a little bit confused about extension querying and I was hoping you can clarify a bit more as I understand it is somehow important to have it set up correctly.

    For now I am having as below, I was also trying some queries with Certificate but then my extension was sending errors in logs.
    Users are accepted on the network and everything seems to be fine for the most of them, but I can see this alert on all requests:

    My extension logs are not showing any particular errors with what I have configured for the moment but I have a feeling that I do not understand something and it can be done much better.... 

    Any feedback highly appreciated! 




  • 5.  RE: ClearPass Intune extension HTTP attribute query returned error=400
    Best Answer

    Posted Dec 11, 2023 09:17 AM

    I would recommend to start with the Intune Extension Tech Note available from the ClearPass Tech Notes page.

    One immediate thing that caught my attention is that the use normal parentheses %() in the filter query, where that should be %{curly-braces}. But also the use of Endpoint is deprecated as it uses the client MAC address which is easily spoofed and incompatible with randomized MAC addresses or clients that connect both wired and wireless.

    A presentation on ClearPass with Intune integration has been posted on this page of the Airheads community. That may describe a bit better how the integration works.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------