If you do some testing in our production ClearPass, be sure not to have expired RADIUS service certificates. We had one just expire (meant to fix it next week as it was for new service I was testing on) and this caused our whole CPPM cluster to fail. Might have been because I was adding a new subscriber which might have done a refresh for the RADIUS service.
In all our CPPM servers RADIUS service stopped and didn't start.
Problem was that the RADIUS service certificate mapped to a service under Authentication -> Service Certificate expired. After we switched it to a valid certificate everything started working again.
This was on 6.8.2
(btw is it possible to update subscribers first to a newer version and only after that the publisher?)