Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass intune : HTTP attribute query returned error=404

  • 1.  Clearpass intune : HTTP attribute query returned error=404

    Posted Oct 26, 2023 04:16 PM

    We currently have an on prem AD that we check based on a computer certificate. We are now working on doing this with Intune devices based on EAP TLS. We use 1 root CA under which the local ad and intune users receive their certificate from another "issuing". Now we get the error 404 back.

    We are using the following authentication source:

    If we do not use role mappings, authentication works, even though we get the same error message. Is this more because ClearPass knows our certificate? However, we want to make a distinction here with the following role mapping:



  • 2.  RE: Clearpass intune : HTTP attribute query returned error=404

    EMPLOYEE
    Posted Oct 31, 2023 10:25 AM

    For the Intune Extension you would need the Intune Device ID as CN in your certificate and where you 'blurred' in the extension logs, should appear the Intune Device ID.

    The 404 error suggests that the ID queried in Intune is not the Intune Device ID, or the device is not in the same Intune Instance, or the API permissions are not properly set up in Entra ID.

    Did you configure synchronization to the Endpoint DB as well? And do you see the Endpoint Repository populated with Intune Attributes?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass intune : HTTP attribute query returned error=404

    Posted Oct 31, 2023 10:58 AM

    Hello Herman,

     

    In the extension log that has been blurred we see the "Intune device name" returned.

    The endpoint DB has been synced and we see Intune attributes here. So when we look in the endpoints we see Intune devices. However, we want to use HTTP authorization mode.

    Assuming the device ID needs to be configured in the certificate as shown in the ClearPass documentation.

    When using the source without authentication source, we get the same error.






  • 4.  RE: Clearpass intune : HTTP attribute query returned error=404

    Posted Nov 01, 2023 12:22 AM

    I had the same issue, had to do two things:

    1) It seems that using a SAN field with the URI including 'IntuneDeviceID://' doesn't work because ClearPass doesn't strip it off. I think ClearPass just wants the actual DeviceID value only.

    I opted to not use the SAN, and just use CN={{DeviceID}} in the SCEP profile.

    2) I am using the 'enableEndpointCache' value and only syncing certain attributes. I was not syncing the attributes that I was trying to populate with the HTTP authz source, so I had to add these.
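
Added example, not part of the posts above and not ClearPass or Intune code: a small check that classifies the identifiers a client certificate would present, following the replies that the queried value must be the Intune Device ID itself and that an 'IntuneDeviceID://' prefix is not stripped. It assumes the Device ID is a GUID and that the input is the text printed by `openssl x509 -noout -subject -ext subjectAltName`; the sample certificates and all function names are constructed for illustration.

```python
import re

# Assumption: an Intune Device ID is a GUID (8-4-4-4-12 hex digits).
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
PREFIX = "IntuneDeviceID://"  # URI prefix named in the thread

def extract_identifiers(openssl_text):
    """Return (field, value) pairs for the subject CN and every SAN URI."""
    ids = []
    cn = re.search(r"\bCN\s*=\s*([^,/\n]+)", openssl_text)
    if cn:
        ids.append(("CN", cn.group(1).strip()))
    for uri in re.findall(r"URI:([^,\s]+)", openssl_text):
        ids.append(("SAN URI", uri))
    return ids

def classify(value):
    """bare-guid: usable as-is for the lookup.
    prefixed-guid: a GUID behind the URI prefix, sent unstripped per the thread.
    not-a-device-id: e.g. a device name, which would not match a Device ID."""
    if GUID.match(value):
        return "bare-guid"
    if value.lower().startswith(PREFIX.lower()):
        rest = value[len(PREFIX):]
        return "prefixed-guid" if GUID.match(rest) else "not-a-device-id"
    return "not-a-device-id"

def report(openssl_text):
    return [(f, v, classify(v)) for f, v in extract_identifiers(openssl_text)]

# Constructed sample: SCEP profile with CN={{DeviceID}}
CERT_GUID_CN = "subject=CN = 3f2b8c1e-7a4d-4e2b-9c6f-1d2e3f4a5b6c\n"

# Constructed sample: device name in CN, Device ID only in a prefixed SAN URI
CERT_SAN_URI = (
    "subject=CN = LAPTOP-FIN-042\n"
    "X509v3 Subject Alternative Name: \n"
    "    URI:IntuneDeviceID://3f2b8c1e-7a4d-4e2b-9c6f-1d2e3f4a5b6c\n"
)

if __name__ == "__main__":
    for name, text in (("GUID in CN", CERT_GUID_CN), ("SAN URI", CERT_SAN_URI)):
        for field, value, verdict in report(text):
            print(f"{name}: {field}={value} -> {verdict}")
```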




  • 5.  RE: Clearpass intune : HTTP attribute query returned error=404

    Posted Dec 12, 2023 08:31 AM

    Hi Skywave,

    We are using the CN only in the SCEP profile, but I get the rlm_eap_tls: certificate does not have X509v3 Subject Alternative Name extension error.

    Regards,

    Erik