Security

 View Only
last person joined: 20 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Mosyle Clearpass Extension Issue

This thread has been viewed 34 times
  • 1.  Mosyle Clearpass Extension Issue

    Posted Dec 08, 2023 08:26 AM

    We use the Mosyle Clearpass extension to sync all of our Apple devices to the Endpoint Database. It had been working until recently it seems something broke. I keep seeing these errors in the logs and the Endpoint Database does not get updated. 

    I haven't changed anything in the configuration of the extension but after poking around in Mosyle a bit it looks like they made some changes to their API in October. I'm wondering if that's what broke the extension. Has anyone else experienced this issue or have ideas how to fix?
    Here's my configuration for reference:
    Is the Mosyle extension maintained by Aruba or by Mosyle themselves? Not sure who I should open a ticket with if I can't find a solution


    ------------------------------
    Craig Russell
    ------------------------------


  • 2.  RE: Mosyle Clearpass Extension Issue

    EMPLOYEE
    Posted Dec 08, 2023 10:24 AM

    Consider Aruba TAC as your point of contact for ClearPass extensions.

    Please open a Support Case with Aruba TAC. 



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Mosyle Clearpass Extension Issue

    Posted Dec 21, 2023 03:52 PM

    Just an update in case anyone else has this issue and because I find the run-around I'm getting humorous...

    • I created a ticket with TAC - they say it's a bug in the extension and I need to contact Mosyle since it's their extension
    • I created a ticket with Mosyle - they made a change to their API that appears to have broken the extension (as was my suspicion). They say the extension is maintained by Aruba

    I just emailed TAC back, we'll see what happens next....



    ------------------------------
    Craig Russell
    ------------------------------



  • 4.  RE: Mosyle Clearpass Extension Issue

    EMPLOYEE
    Posted Dec 22, 2023 05:51 AM

    ClearPass extensions are published by Aruba and if there are issue with those, Aruba TAC is your point of contact. Please ask the TAC case to be escalated to engineering with the information that you got from Mosyle about the API changes that broke the extension. Aruba engineering should work with Mosyle if needed.

    Please send me a personal message with the TAC case number and I can see if I can get things moving in the right direction.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Mosyle Clearpass Extension Issue

    Posted Dec 22, 2023 10:06 AM

    Thanks Herman, I figured Aruba maintained the extension which is why was surprised/annoyed that TAC had me reach out to Mosyle. I've asked Mosyle if there is any documentation they could send that I could forward on to the Aruba engineers. Currently the only info I can find is from inside the Mosyle management site so I can't really send a link to that. I'll send you the TAC ticket number shortly



    ------------------------------
    Craig Russell
    ------------------------------



  • 6.  RE: Mosyle Clearpass Extension Issue

    EMPLOYEE
    Posted Dec 22, 2023 03:30 PM

    Mosyle introduced OAuth authentication for any new integrations that are created after October 9th. Existing integration would continue to work using the token based authentication method which was being used earlier. The APIs for fetching endpoint information has not changed and still continues to work.

    If you were hitting issue with OAuth, the error message would have been something like the one below:

    [2023-12-15T12:13:04.429] [ERROR] Mosyle - Request failed with status code 401
    [2023-12-15T12:13:04.429] [ERROR] Mosyle - { error: 'Unauthorized' }

    The get addrinfo error you are seeing looks like something different. Herman has shared the TAC ticket number and we will advice TAC to take a deeper look.




  • 7.  RE: Mosyle Clearpass Extension Issue

    Posted Dec 22, 2023 03:38 PM

    I found that I had an "https" in the extension config that didn't need to be there, once I removed that I started getting these errors instead:

    [2023-12-19T08:56:20.981] [INFO] Mosyle - Processing ios devices...
    [2023-12-19T08:56:20.981] [INFO] Mosyle - Getting page 1 of devices...
    [2023-12-19T08:56:21.361] [DEBUG] Mosyle - 0232ca76-af35-4c3a-a033-201cd87074da Failed request "POST 'https://managerapi.mosyle.com/v2/listdevices'" took 380 ms.
    [2023-12-19T08:56:21.361] [ERROR] Mosyle - Request failed with status code 401
    [2023-12-19T08:56:21.361] [ERROR] Mosyle - { error: 'Unauthorized' }
    [2023-12-19T08:56:21.363] [ERROR] Mosyle - null
    [2023-12-19T08:56:21.363] [INFO] Mosyle - Processing mac devices...
    [2023-12-19T08:56:21.363] [INFO] Mosyle - Getting page 1 of devices...
    [2023-12-19T08:56:21.962] [DEBUG] Mosyle - bad7ad2d-9bb8-439f-a898-2972d01554cf Failed request "POST 'https://managerapi.mosyle.com/v2/listdevices'" took 598 ms.
    [2023-12-19T08:56:21.962] [ERROR] Mosyle - Request failed with status code 401
    [2023-12-19T08:56:21.962] [ERROR] Mosyle - { error: 'Unauthorized' }
    [2023-12-19T08:56:21.963] [ERROR] Mosyle - null
    [2023-12-19T08:56:21.963] [INFO] Mosyle - Processing tvos devices...
    [2023-12-19T08:56:21.963] [INFO] Mosyle - Getting page 1 of devices...
    [2023-12-19T08:56:22.110] [DEBUG] Mosyle - 4a5ed162-dd8c-40d2-8b71-8b5941aff3bc Failed request "POST 'https://managerapi.mosyle.com/v2/listdevices'" took 147 ms.
    [2023-12-19T08:56:22.110] [ERROR] Mosyle - Request failed with status code 401
    [2023-12-19T08:56:22.110] [ERROR] Mosyle - { error: 'Unauthorized' }
    [2023-12-19T08:56:22.111] [ERROR] Mosyle - null
    [2023-12-19T08:56:22.112] [INFO] Mosyle - Sync complete. Added: 0, Updated: 0, Skipped: 0, No MAC: 0, Errors: 0, Time Taken: 1.242 seconds
    [2023-12-19T08:56:22.117] [INFO] Mosyle - The sync on start full update has completed.
    [2023-12-19T08:56:22.415] [DEBUG] Mosyle - 44e4b209-f88d-42c3-8fdc-716b40e06306 Request "GET '/endpoint/mac-address/004172756261'" took 303 ms.
    [2023-12-19T08:56:22.521] [DEBUG] Mosyle - 8b9531ed-d833-4b84-9c7a-4387f8f28be6 Request "PATCH '/endpoint/mac-address/004172756261'" took 105 ms.
    [2023-12-20T03:00:00.084] [INFO] Mosyle - Stats database cleanup completed.
    [2023-12-21T03:00:00.035] [INFO] Mosyle - Stats database cleanup completed.
    [2023-12-22T03:00:00.033] [INFO] Mosyle - Stats database cleanup completed.


    ------------------------------
    Craig Russell
    ------------------------------



  • 8.  RE: Mosyle Clearpass Extension Issue

    EMPLOYEE
    Posted Dec 22, 2023 04:09 PM

    Okay this looks like the OAuth issue. You can confirm this by checking the authentication type under the token as shown below. Previously type would have been "Basic". JWT token support from extension side is in the works to be available before Feb 2024 when Mosyle will officially cut over to using only JWT tokens. Can you reach out to Mosyle to check if they can switch your account to use Basic authentication until we have an update for the extension?




  • 9.  RE: Mosyle Clearpass Extension Issue

    Posted Dec 22, 2023 04:17 PM

    Honestly if the extension is going to be updated by February that's great, I can wait. That's the answer I've been looking for

    Thanks!



    ------------------------------
    Craig Russell
    ------------------------------



  • 10.  RE: Mosyle Clearpass Extension Issue

    EMPLOYEE
    Posted Dec 22, 2023 04:51 PM

    Great, Will update this thread once the updated extension is available.




  • 11.  RE: Mosyle Clearpass Extension Issue
    Best Answer

    EMPLOYEE
    Posted 15 days ago

    Updated Mosyle Extension V4 with support for JWT tokens is now available in the store. Both Mosyle Manager and Mosyle Business are going to deprecate support for basic authentication by Feb 8th 2024.

    Tech note available here: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=dp00003969en_us




  • 12.  RE: Mosyle Clearpass Extension Issue

    Posted 15 days ago

    Hey Matt, I just happened to check the extension store this morning and saw the update was available. I got it installed and was able to successfully sync with Mosyle. Thanks a ton!



    ------------------------------
    Craig Russell
    ------------------------------