Security

Hi,

 

I want to install patch bundle 3 on our ClearPass evaluation system. The download and install of the patch software via ClearPass gives an install error.

 

Installing patch
from=CPPM-x86_64-20131022-clearpass-6.2-updates-3-patch.bin
Extracting
patch...
Preparing...
##################################################
package clearpass-guest-plugin-kernel-6.2.3-29032.noarch is already installed
INFO:
Preparing ...
INFO: Running pre-install scripts ...
INFO: Applying patch
...
ERROR: Applying the patch failed, aborting: RPM upgrade failed
Exiting
with 255

 

So I downloaded the file offline without any problem but when I start the import of the patch I get an error message 'Content-type "text/plain" is not supported'.

Why I can't import the file? Is this due the the signed file? I can't unzip the file to a bin file. Install via CLI ??

 

Did you try using a different browser?

I first tried with IE, a second test with Chrome gives:

 

Upload is not compatible: update is already installed or is a lower version than one on the system

 

I already have cumulative patch 2 installed and patch 3 with an install error. The previous patch 3 installation iwith install error s seeen by the import process.

 

Any idea?

Try rebooting and run the install.

Can you download and run the install from the update page?

If not try running it from the cli


1. Begin the upgrade process by typing the following command:

system upgrade
For example: system upgrade CPPM-upgradeimage.bin

The upgrade process should begin immediately upon executing the above command.

2. After the upgrade is complete, restart the machine using the following CLI command

system restart


The ClearPass Policy Manager will restart and boot up to the latest version, CPPM 6.1.

Hi Troy,

 

problem is that I'm not able to import the patch-file via the GUI (and place the file on the CP server somewhere in a directory). Do you know where to place the file on the CP server via CLI? After that I can run the system upgrade .... command as you proposed.

You can host it locally HTTP or tftp an run the

"system update -i http://address.com/filename.bin"

Troy,

 

How can I convert the patch-file with extension 'zip.signed' to a normal zip file where I can unzip the bin-file from

You shouldnt have to. The system will extract the file. 

Due to firewal policy i'm not able to do http or SSH. Seems that CP is only supporting HTTP and SSH.

 

system upgrade user@hostname:/<filename> [-l] [-L]     (uses SSH to connect)

system upgrade http://hostname/<filename> [-l] [-L]     

system upgrade <filename> [-l] [-L]

 

 -l   -- restore last 1 week of access tracker records after upgrade    

-L   -- do not restore any access tracker records from this version

 

I'll ask the VMware colleagues to copy the file on the server. Do you know in which directory the file has to be copied? So I can use the system upgrade command for a local file on the system (3th in list above)

 

Thx.

 

Patrick.

That is unsupported. You will have to open a TAC case and have them work with you to upgrade. We only support file transfer from the command line, gui import or with the auto download.

The easiest would be to grant cppm Internet access and let it auto download the file.

Troy,

 

CPPM has access to internet but apparently only downloaded a part of the patch-file (compaired file size). This generated the install error in the GUI. I cannot remove this from the system through the GUI. The install error stays displayed in the GUI.

 

But, I'll contact TAC for support.

 

Thx for your efforts and help.

 

Patrick.

Ok, I'll open a TAC case to solve the problem.

 

Thx for your efforts and help.

 

Patrick.