Security

Reply

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

Did you check your DB cert? You may need to redo the DB cert with a SAN entry with the IP address. 

SAN .    IP:ipaddress

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

I have fresh installations, no installed certificates, since when do I need for  clustering change default certificates SAN configuration?

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

As of 6.8 the DB cert is now in the cert services drop down. The cluster needs to also trust the DB cert to continue. I dont remember the whole details off the top of my head but the self signed cert has the hostname and the cluster join is trying by IP. If you put the IP in the SAN field it will join. I believe it was fixed in 6.8.1 but dont quote me. I just know a quick fix is to just use the CA in onboard and sign the DB CSR from both servers with a SAN entry with the IP address
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

One more bug, when upgrade clearpass from 6.7.10 to 6.8. Then change active system image back to 6.7.10, clearpass lose  VM activation token.

 

Action Status: This Activation Request Token is already in use by another instance
Product Name: ClearPass Platform
License Type: Permanent
User Count: 100

 

really?

 

 

I hope it will be recovered after  some time

Occasional Contributor II

Re: Clerpasss 6.8 Clustering Problem on ESXI 6.7

Hello all,

 

we had exactly the same topology as written in the first post.

We were able to join the cluster usting the console command:

"cluster make-subscriber -V -i YOU.R.I.P"

 

Then the cluster join worked smooth!

 

Best regards

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: