I saw a similar issue some time ago, and there the issue was that the primary DNS server was not reachable/responding to ClearPass.
The realtime lookup will go to Entra ID/Intune every time; if the IP for Azure is not known, ClearPass (extension) will do a DNS lookup. If the primary DNS is not responding, it will fall back to the second DNS and then cache the result for some time, till the DNS timeout occurs, and then there is again a timeout.
This may be the same issue....
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Apr 22, 2024 12:23 PM
From: JSheehy13
Subject: Intune Extension - Performance Issues
Hi everyone - Does anyone know a way to increase the performance of the realtime Intune authorizations in the extension? We are noticing a tremendous amount of queries out to Intune and sometimes a delay of 5+ seconds when waiting for a response. I noticed in the configuration
"enableEndpointCache": true,
"endpointCacheTimeSeconds": 900,
Would there be a way to adjust any value here? I mean the delays could also just be our network as well....we are trying to pinpoint.
Also, we were thinking about using EAP-TLS only without authorization, but I do not know if that is a good approach from a security standpoint. Any assistance would be helpful...thanks!
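
One way to test the DNS explanation given in the reply, as an added example that is not part of the thread or of ClearPass: query each configured DNS server directly, instead of through the system resolver, so a silent primary shows up as a timeout rather than being hidden by fallback. The resolver addresses are constructed placeholders, the two Microsoft hostnames are assumptions about what the extension resolves, and the script is assumed to run on an IPv4 host in the same network segment as ClearPass.

```python
import secrets, socket, struct, time

# Constructed sample; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_RESOLV_CONF = "nameserver 192.0.2.53  # primary\nnameserver 198.51.100.53\n"
# Assumed Entra ID / Microsoft Graph hostnames; not taken from the thread.
HOSTS = ["login.microsoftonline.com", "graph.microsoft.com"]

def parse_nameservers(resolv_conf_text):
    """Return nameserver IPs in the order a resolver would try them."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(hostname, qid):
    """Encode a minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = hostname.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, hostname, timeout=2.0, port=53):
    """Query one server over UDP; return latency in seconds, or None if it
    does not answer within the timeout (the failure mode the reply describes)."""
    qid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(hostname, qid), (server, port))
            while True:
                data, _ = s.recvfrom(512)
                # Accept only the reply carrying our transaction ID.
                if len(data) >= 2 and struct.unpack("!H", data[:2])[0] == qid:
                    return time.monotonic() - start
        except OSError:  # includes socket.timeout
            return None

if __name__ == "__main__":
    for server in parse_nameservers(SAMPLE_RESOLV_CONF):
        for host in HOSTS:
            rtt = probe(server, host)
            result = "TIMEOUT" if rtt is None else f"{rtt * 1000:.0f} ms"
            print(f"{server:<16} {host:<28} {result}")
```

Replace the sample addresses with the primary and secondary DNS servers configured on ClearPass; a primary that consistently reports TIMEOUT while the secondary answers matches the pattern described in the reply.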