Title mentions CPPM 6.10, so may be a typo in the message.
Do you see something on the Panorama side in the logging? Have you create packet captures of the traffic between ClearPass and Panorama? Are certificates/trust for https configured and still valid?
If I freely interpret the error message, it looks like CPPM can connect to the Panorama, SSL sessions comes up (so probably certs are okay), then ClearPass sends the request, but never hears back something from Panorama. If you have the full URL, and can find the JSON/XML (think you can get that from the postauth.log file if you run a 'Collect Logs'), you could replay that command with Postman or curl/wget if you know how to do that.
My PAN integration just works with CPPM 6.10, I only have a single firewall and no Panorama. May be good to get PAN Support involved as well, as it may be Panorama acting strangely. Are you sending high numbers of userid updates (think multiple per second)?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 04, 2022 07:29 AM
From: Unknown User
Subject: CPPM 6.10 stopped working with PAN User-ID XML API
Curious why you have a new install of CPPM 6.5??? That version is well past support. You should upgrade ClearPass to 6.10.
Original Message:
Sent: Aug 04, 2022 03:05 AM
From: Scott Doorey
Subject: CPPM 6.10 stopped working with PAN User-ID XML API
Hey Airheads,
I've got a new install of CPPM 6.5 integrated with Palo Alto Panorama using the XML API.
Solution was tested out fine but after a few weeks started getting repeated error messages:
Unable to post request to PAN panorama.hostname, err: (HTTPSession): unable to execute POST request. err: Post https://panorama.hostname/api/?action=set&key=<KEY>&target=<SERIAL>&type=user-id": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"
Anybody had this issue?
TAC Case open but taking some time to align with the right engineers.