Security

Hi community,

 

yesterday I successfully updated two 25k HW appliances from 6.6.9 to 6.7.1 without any issues.

But today my customer and I were testing several features and facing that Insight isn't reachablke anymore. We are getting the follwing failure:

 

502 Proxy Error

The Proxy server could not handle the request GET /insight/login

 

Reason: Error reading from remote server

 

Is there someone facing the same problem after upgrading to 6.7.x?

Do someone now how the Insight Service is handled internally? How can I restart the insight service?

Reconfigure the Insight settings in the server configuration doesn't have any impact, or solve the problem.

 

thanks in advance.

Please check your DNS configuration..  Are you using external name servers or ones that cannot resolve your CPPM hostname?.   CPPM needs to be able to resolve itself for this to work.

I just check the DNS config and if the system is able to resolve it's hostname.

There is a know bug. bug (43676) I would check with TAC and see if you are running into it.

Quick fix for one customer.

Customer changed primary DNS from Google public to internal as recommended workaround and issue is resolved. Customer confirmed they are able to access Insight successfully.

Did you find a solution?

DNS is definitely not the problem!

 

Regards,

Uli

Same here 6.7.3.

Fresh install.

Dns is not the issue

I've also ran into this. My DNS seems to be ok.

Is there any solution for this?

I saw someplace else that updating to 6.7.5 solves the issue. I tried and indeed it was solved.

6.7.4 is the recommended upgrade to fix this bug. 6.7.5 is available though, and obviously upgrading to it would also fix the bug.

I understand this thread is a almost 8 months old so not sure if I'll get a response.... I recently upgraded to 6.7.5 and I am running into this problem - I checked and my DNS is fine, set to internall primary and secondary DNS servers.

 

Did I miss something?

 

Can you describe the scenario?

 

Are you logging into Policy Manager and navigating to Insight from there or trying to log into Insight directly? Did you configure the Insight service in Policy Manager? Are you getting to the login page or is it showing a page error or just not loading?

Is it enabled ?
https://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/Cluster%20Deployment/Insight_enabling.htm



Thank you

Victor Fabian

Pardon typos sent from Mobile

Yes, Insight is enabled on 6 of 8 nodes in my cluster.  When navigating to the server, if I click on the Clearpass Insight button I get redirected to a 502 Proxy Error page (see below).  This was working prior to my upgrade from 6.6.3 to 6.7.5.

 

 

Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /insight.

Reason: Error reading from remote server

 

 

That error is the same one that was supposed to be addressed in the 6.7.4 patch. Sounds like there may still be some bugs sticking around. I'm not sure if you've done this already, but I would open a case with support and keep an eye out for the next available version of CPPM to see if it's listed as a fixed bug.

I would also suggest, if possible, that you perform the installation of 6.7.0 and then upgrade to 6.7.5. Maybe that's a flow that's more guaranteed to work.

Yes, I was working with Support and they had me upgrade the cluser to 6.7.0 then a cummulative patch to 6.7.5

Thanks, Thats what I figured from the information in the thread.  I've been working with Support on a number of CPU problems that arose since the upgrade - I'll address this with them as well.

 

Thanks all!