MVP Expert

CPPM 6.8.1 db query error

Just upgraded our building (dev) servers to cppm 6.8.1. I'm running a 2 node cluster.

While everything seems to work, I've noticed that whenever I try and access Access-Tracker records for the slave publisher I get a db connection error. See attached file.

Everything worked in 6.8.0 and does work in 6.8.0 as that's what our production cluster is using.

During the upgrade I did notice some warning/error messages about ensuring that the ClearPass cert contained server IP addresses in the SAN field... we don't have these. Might this affect the master publisher extracting info from a cluster member?

New Contributor

Re: CPPM 6.8.1 db query error

We tried to reproduce the issue in internal testbeds, but we are not seeing the issue you mentioned. Did you follow any specific steps to see this issue?

MVP Expert

Re: CPPM 6.8.1 db query error

Nope,

just logged onto the master publisher, went to access tracker and clicked on an entry from a non master publisher cluster member. Still doing it now if you want to remote session to it.

MVP Expert

Re: CPPM 6.8.1 db query error

Everything else is working ... 

Contributor I

Re: CPPM 6.8.1 db query error

Happening here too. Investigating for more details.

Contributor I

Re: CPPM 6.8.1 db query error

I just fixed this by regenerating new DB Server Certificates with all the IP addresses of every Policy Manager node in my cluster, and rebooted. Everything works fine now. 
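
The fix in the post above depends on the database server certificate's SAN listing the IP address of every node in the cluster. As an added example (not from the thread or from Aruba), the following Python script checks that against the text printed by `openssl x509 -noout -text`; the node addresses and the sample output are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the SAN part of `openssl x509 -noout -text` output.
SAMPLE_TEXT = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:cppm-pub.example.test, IP Address:192.0.2.10, IP Address:2001:DB8:0:0:0:0:0:10
            X509v3 Basic Constraints:
                CA:FALSE
"""

# Constructed cluster node addresses (assumption, not from the thread).
CLUSTER_NODES = ["192.0.2.10", "192.0.2.11", "2001:db8::10"]


def san_ip_addresses(cert_text):
    """Return the set of IP addresses in the SAN extension of the dump."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            found = set()
            # SAN entries are comma-separated on the line after the header.
            for entry in lines[i + 1].split(","):
                m = re.fullmatch(r"\s*IP Address:(\S+)\s*", entry)
                if m:
                    # ip_address() normalises IPv6, so textual forms compare equal.
                    found.add(ipaddress.ip_address(m.group(1)))
            return found
    return set()  # no SAN extension present at all


def missing_nodes(cert_text, nodes):
    """Return the node IPs (in input order) that the certificate SAN lacks."""
    present = san_ip_addresses(cert_text)
    return [n for n in nodes if ipaddress.ip_address(n) not in present]


if __name__ == "__main__":
    gaps = missing_nodes(SAMPLE_TEXT, CLUSTER_NODES)
    print("SAN is missing:", ", ".join(gaps) if gaps else "nothing")
```

An empty result from `missing_nodes` means every listed node address appears in the SAN; DNS entries are ignored because the check is about IP addresses only.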

MVP Expert

Re: CPPM 6.8.1 db query error

o.k. thought everything was o.k. here because of the following in the release notes

When ClearPass is updated from 6.8.0 to 6.8.x, the default self-signed database server certificate is automatically regenerated and will be valid for five years instead of one year. Similarly, in future when a 6.8.x system is upgraded to a major version, a new default self-signed database server certificate with a five-year validity will be generated. This change only affects the default database server certificate; any Certificate Authority (CA) signed database certificate you might have created is not replaced. (CP‑33732)

But obviously not, so how do I recreate the db server cert? Is that the same as the https cert?

MVP Expert

Re: CPPM 6.8.1 db query error

o.k. found it, so this can just be a locally generated certificate then?

Aruba

Re: CPPM 6.8.1 db query error

Yes
Thank You,
Troy

MVP Expert

Re: CPPM 6.8.1 db query error

one final (probably silly) question, each self generated cert only has the IP address associated with that server in the SAN and not all the IP addresses in a cluster?
