@pmbisht333 wrote:
Hi,
I am new to the community and has an issue.
we have multiple remote sites and all of them are using Aruba wireless network to connect different SSIDs. These users are being authenticated via ClearPass and AD. We have upgraded a Domain Controller at one of the site. After upgrade the users at specific site are not being authenticated but for rest of the sites it works fine.
On clear pass the status is Timeout and Reject but few of the users are able to authenticate successfully.
Alerts -
Error Code: 206
Error Category: Authentication failure
Error Message: Access denied by policy
Alerts for this Request -
RADIUS: Applied 'Reject' profile
Attached the logs for analysis.
Regards
Pankaj
Based on your original post, if you are using 802.1x to authenticate users and you upgraded a domain controller, and you are having timeouts, it is possible that ClearPass is sending authentications to domain controllers that are far away, creating latency and possible timeout issues. The solution is to define "password servers" so that you can be sure ClearPass uses a domain controller that is close to your ClearPass servers: https://www.arubanetworks.com/techdocs/ClearPass/6.7/PolicyManager/index.htm#CPPM_UserGuide/Admin/ServerConfig_addpwdserver.htm?Highlight=password%20server
With regards to the "reject", you need to look at what parameters on the authentication that is rejected do not satisfy your enforcement policy rules.