Hi All,
I've recently found an issue where my AD server (Windows 2003) doesn't return a response to an LDAP user search in some situations for 4-5 minutes. This is usually when the server is in the process of being restarted or shut down for maintenance.
In this case a RADIUS timeout occurred to our downstream devices and as such failed.
The issue here is that we had a backup AD server configured; however, it is never invoked for a large number of sessions and ClearPass seems to hang open until the server comes back online.
Eventually after these queries are run, subsequent authentication attempts seem to detect the server is down and then it fails over to the backup server.
I'm wondering whether there should be some kind of LDAP query / search timeout parameter that expires an LDAP query after a certain amount of time and causes the session to fail over to the backup server (before the RADIUS timeout period).
Anybody else see a problem here or had similar issues?
Scott