This message indicates that there is something wrong with the domain join of your ClearPass.
I have seen Windows administrators delete the computer account that ClearPass created (and requires to do MSCHAP authentication), so double-check with your AD admins.
You can check as well:
- That ClearPass is configured to use the Active Directory DNS servers; that is needed to find the right domain controllers.
- That time is set correctly on both ClearPass and the domain controllers; use the domain controllers as NTP server to make sure they run the same time source.
- That there is no firewall in between ClearPass and your domain controllers that might block the authentication traffic.
- You can check from the appadmin (console) account the AD and Kerberos servers:
[appadmin@cppm.nl.arubalab.com]# ad auth -u herman -n nl
password:
INFO - NT_STATUS_OK: Success (0x0)
[appadmin@cppm.nl.arubalab.com]# krb auth herman@nl.arubalab.com
Using default cache: /tmp/krb5cc_0
Using principal: herman@NL.ARUBALAB.COM
Password for herman@NL.ARUBALAB.COM:
Authenticated to Kerberos v5
And work with TAC if these do not fix your issue...