Security

Reply
Highlighted
Aruba

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

Did you check your DB cert? You may need to redo the DB cert with a SAN entry with the IP address. 

SAN .    IP:ipaddress

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

I have fresh installations, no installed certificates, since when do I need for  clustering change default certificates SAN configuration?

Aruba

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

As of 6.8 the DB cert is now in the cert services drop down. The cluster needs to also trust the DB cert to continue. I dont remember the whole details off the top of my head but the self signed cert has the hostname and the cluster join is trying by IP. If you put the IP in the SAN field it will join. I believe it was fixed in 6.8.1 but dont quote me. I just know a quick fix is to just use the CA in onboard and sign the DB CSR from both servers with a SAN entry with the IP address
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

One more bug, when upgrade clearpass from 6.7.10 to 6.8. Then change active system image back to 6.7.10, clearpass lose  VM activation token.

 

Action Status: This Activation Request Token is already in use by another instance
Product Name: ClearPass Platform
License Type: Permanent
User Count: 100

 

really?

 

 

I hope it will be recovered after  some time

Occasional Contributor II

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

Hello all,

 

we had exactly the same topology as written in the first post.

We were able to join the cluster usting the console command:

"cluster make-subscriber -V -i YOU.R.I.P"

 

Then the cluster join worked smooth!

 

Best regards

 

Frequent Contributor II

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

I tried this with command as you but it shown.

"

INFO - Check publisher connection passed
ERROR - Cannot connect to publisher database. Common errors include incorrect password, TCP port 5432 blocked, or invalid certificate.

"

No blocked, ping reach to each other.

Please advise.


Thank you,
Ratchapas S.
Land of Smiles
Frequent Contributor I

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

Hi

 

I can confirm

I had the same problem in GUI interface in CPPM 6.8.2

but with CLI command:

 

cluster make-subscriber -V -i <ip-address>

 

building cluster was ok

Don't know why from GUI there is a problem 

 

regards

 

Karol

Frequent Contributor II

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

Hi Karol,

 

I tried CLI command but it did not work.


Thank you,
Ratchapas S.
Land of Smiles
Occasional Contributor I

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

This worked for me on ESXi 6.5 (below)


@kkarkowski wrote:

Hi

 

I can confirm

I had the same problem in GUI interface in CPPM 6.8.2

but with CLI command:

 

cluster make-subscriber -V -i <ip-address>

 

building cluster was ok

Don't know why from GUI there is a problem 

 

regards

 

Karol


 

Aruba Employee

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

Export the Publisher's HTTPS Cert and Database Cert into the Subscriber's Trust List. Since the export Cert is in .p12 format, please convert it to a .der format. Once that is done the clustering for 6.8.x shouldn be working.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: