Contributor II

AD Authentication source breaks reliably - hostname weirdness

We have 3 ClearPass 6.7.10 5k (or whatever they're called now) running in a publisher-subscriber setup. All of our infrastructure is in-house, running on VMware. We have 3 domain controllers that we're querying via the Primary, Backup 1, and Backup 2 tabs. Mysteriously, the Primary hostname keeps changing to 'localhost', using port 6432. We change it back, and a week or so later, it flips back again. The incorrect hostname shows up on all three ClearPass servers. That domain controller works fine for other uses, and before the hostname gets changed, we can tell that it is being queried successfully by ClearPass. After we correct the hostname, we can browse the domain via ClearPass. There's nothing in the logs that we can find which could explain the issue. TAC has been involved for quite some time, but they're stumped.

Contributor II

Re: AD Authentication source breaks reliably - hostname weirdness

OK, after some digging, we discovered that the hostname changes when we clear the cache for the auth source.  The audit viewer shows that the user who cleared the cache changed the hostname, which is untrue.  This looks like a bug to me. 


New Contributor

Re: AD Authentication source breaks reliably - hostname weirdness

Any resolution?  I'm seeing a similar behavior with one of my domain controllers.

Contributor II

Re: AD Authentication source breaks reliably - hostname weirdness

No, we have not found any resolution to this problem.  The workaround, which is to change the primary hostname every time you clear the cache, is not ideal.


Re: AD Authentication source breaks reliably - hostname weirdness

Does this only happen to the primary? Have you tried putting the backup 1 or backup 2 as the primary to see if it still happens?



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Contributor II

Re: AD Authentication source breaks reliably - hostname weirdness

It only happens to the primary.  Yes, we've shuffled them around, and it reliably happens to the primary.
