Security

We have a (10) server cluster on 6.7.5 with (2) C3000 and (8) C2000 servers. Two of our C2000 servers just started experiencing a strange issue where suddenly the server will stop processing RADIUS/TACACS requests with Error code 106. Services indicate "running" but restarting them fixes the issue. This has happened (4) times the in the last two weeks and has impact clients multiple times. 

 

TAC case is opened and escalated and a possible bug defect is being filed on our behalf. 

 

The question I have is that this was isolated to 1 specific server, but as soon as I integrated Microsoft Intune as an Authorization Source in our 802.1X service, the issue impacted another server right after. Could be cooincidence, but wanted to check to see if anybody had a similar problem with MDM integration or having too many authorization sources. Basically just looking for some feedback other then waiting on TAC.

 

Thanks.

Hi,

Authorization is done by policy server. If there is any delay in fetching athorization data from Intune, you would run into the error "Cannot Send Request to Policy Server". Basically the policy server connections or busy/stuck.

Updating the servers to 6.7.9 (recommend 6.7.10) will allow you to define timeout interval for http based authz source (Intune). Set the timeout to minimum value (say 5 secs) to force the policy server to timeout the authorization after configured seconds and free the connections.

Thanks! That actually sounds very similar to what we were seeing. I will
follow up with TAC with that possibilty.

Thanks again. I'll update post once I get more details.