Security

Reply
Highlighted

ClearPass Error 106 - Still Sending RADIUS Response?

We have an unusual issue with one of our CPPM servers where the RADIUS and Policy services continue running, but I'm receiving Error Code 106:

Error Message:
Internal error in RADIUS server

My question is when the server does not match a service and has this error, does it return a RADIUS reject or do the request normally timeout on the NAS side? This is for Cisco wired 802.1x/MAC Auth. We are looking at our configuration options and need to know if a response is returned or not.

 

Thanks.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!

Accepted Solutions
Highlighted

Re: ClearPass Error 106 - Still Sending RADIUS Response?

I was able to confirm with my TAC engineer that a RADIUS response does not take place because the failure is happening in the beginning stages of the request handling and does not go far enough to process an accept or reject response.

 

Thanks for the help everyone.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!

View solution in original post


All Replies
Highlighted
MVP Expert

Re: ClearPass Error 106 - Still Sending RADIUS Response?

Are you not seeing any authentication failures in access tracker with this error message?

 

Some time we see this error message if their is delay in authenticaton/authorization source radius response. Can you cross check if their is time sync and network delay issue.

 

 

 


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted

Re: ClearPass Error 106 - Still Sending RADIUS Response?

No delays, after this starts every request from that point forward we receive rejected RADIUS requests with that error code. I've got a TAC case open and restarting the policy service fixes it, but in between this event and us identifying that, we are having a lot of users affected. We want to do some configuration on our switches to help with a failure like this, but depends on if we are receiving a rejected radius response or no radius response.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Highlighted

Re: ClearPass Error 106 - Still Sending RADIUS Response?

I was able to confirm with my TAC engineer that a RADIUS response does not take place because the failure is happening in the beginning stages of the request handling and does not go far enough to process an accept or reject response.

 

Thanks for the help everyone.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!

View solution in original post

Highlighted
MVP Expert

Re: ClearPass Error 106 - Still Sending RADIUS Response?

Yes, radius thread handles the request, if radius request coming in and their is no response or delay from authentication source, number of request in queue will increase and certain point thread will run out which result in authentication failure and restart serivce will fix it temperorly for but we need to look in to dealy which causing it.

 

 


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
Occasional Contributor I

Re: ClearPass Error 106 - Still Sending RADIUS Response?

Were you able to find a solution for this issue?

 

Thanks

Highlighted

Re: ClearPass Error 106 - Still Sending RADIUS Response?

Yes, we have Microsoft Intune integrated as an authorization source via API and our CPPM server did not have access to reach Intune. By default there is a 27 second (I believe) timeout per request in our current version of code (6.7.5) and because we have so many authentication requests per second, the queue just got backed up and couldn't process any requests anymore. Removing Microsoft Intune as an authorization source resolved the issue. Supposidly in later versions of CPPM (6.8.x) this timeout value is configurable.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Highlighted
New Contributor

Re: ClearPass Error 106 - Still Sending RADIUS Response?

This error occurred to me when trying to swap the names of the shelf registrations base page in configuration -> pages.
Solution is a new non-copied registration page.
I think the database can't properly track the changes.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: