Security

Reply
Highlighted
Occasional Contributor II

ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

Hello everyone,

 

One of our customers has a ClearPass setup with Publisher/Subscriber, where the Subscriber is on a different location. They want to use Onboard for the employee devices. For the Publisher everything works as expected, but on the Subscriber, the Onboard Portal page is shown, one is able to log in with the AD Credentials, you can see an Acceppt Message in the ClearPass, but the Client gets the error: "Invalid response from publisher (No session key in response)". This error is independent form the device to onboard. 

 

Could anyone help me withe a clue where this issue comes from?

 

Regards,

 

Marian

Guru Elite

Re: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

Users should be directed to the Onboard portal on the publisher, not the subscribers.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

Does "should" mean it does not work on the subscriber, or does it mean that it is better to direct the the user to the Publisher?

MVP Expert

Re: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

It shouldn't ;) matter if you onboard on pub or or sub. There are mechanics in the background that handles the sync between the pub and subs.

 

That said - can you verify that the sync between the pub and sub is OK? Or is there a high latency between them? What about the clock - are they in sync?


Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Occasional Contributor II

Re: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

Both servers use an internal ntp server, so time should be in sync, but there is a WAN connection between the servers.

 

BTW. Guest works fine with the subscriber.

Occasional Contributor II

Re: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

I finally mitigated this issue by redirecting to the publisher only.

Super Contributor II

Re: ClearPass Onboard error in Publisher/Subscriber setup: No session key in response

HI All,

 

i've just run into this issue myself in 6.6.

 

My understanding was also that you could complete guest and onboard operations on a subscriber, provided that the publisher was reachable. 

 

Is this no longer the case?

 

Scott

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: