Security

Reply
Highlighted
Occasional Contributor I

Clearpass and intune

Couple questions in the regards of CPPM and Intune extension.

Sysinfo: CPPM 6.7.9, cluster of two nodes. Using intune extension v4.0.0.

 

1) Any special considerations needed when deploying in a cluster?

For now I ran all commands following the latest guides on the publisher, I assume this is the way, but a bit unsure in terms of the extension IP.

 

2) Having the extension installed and added as an authorization source for the standard 802.1x CPPM service causes logins every so often to timeout.

Access tracker reveals:

Failed to get value for attributes=[OS Family].
Session failed for Host=http://172.17.0.2, Reason=[get::<easy_perform>, (error=56) Failure when receiving data from the peer].
[MS Intune Auth Source] - authorization took 30 secs

Whenever the timeout doesn't happen I can see the gathered intune attributes.

 

Moderator

Re: Clearpass and intune

Did you install the extensions on all nodes in the cluster with the same IP?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Clearpass and intune

Nopes, thought it was enough that the publisher node had the extension running. Setting it up on both nodes seem to have resolved it.

New Contributor

Re: Clearpass and intune

Should I be using the same IP on boths nodes of the cluster or choose a new one for the subscriber?

 

 

Occasional Contributor II

Re: Clearpass and intune

I want to echo BobC's question.  I have 7 subscribers that I need to configure for the Intune extension (publisher is already configured).  Do I use all of the same Azure information for the entire cluster (tenantID, ClientID, and clientSecret), as well as the same IP address?  Based on sharing a single auth source it would make sense that all 8 CPPM servers would use the same IP address.

Moderator

Re: Clearpass and intune

The entire configuration should be the same on every node, including the extension IP.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Clearpass and intune

Thanks Tim, our cluster configuration for Intune is complete.

Occasional Contributor II

Re: Clearpass and intune

 
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: