Security

last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Timeout in clearpass

This thread has been viewed 7 times

  • 1.  Timeout in clearpass

    Posted Aug 22, 2017 06:52 AM
      |   view attached

    Hi

     

    I have a strange issue with some users having trouble when starting their machines (cold boot), they have to wait 15 to 30 seconds before the wireless is active, sone users log on before the connection is there, and is loggd in cached. If wireless is switched off/on no issue

     

    In the investigation of this issue i see some Timeout 5 to 10 every day, i se no pattern in it, and i have tried to point to other AD and DNS.

     

    [main SessId R00000ea8-01-599ac1b5] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R00000ea8-01-599ac1b5, state - ANYAYQCsALhV0AAAplJ9u0C7eghTLvJcek0Xlg=
    [main SessId R00000ea8-01-599ac1b5] ERROR RadiusServer.Radius - reqst_clean_list: Packet 108:244:88:4851B75E43E0 recv 1503314357.433801 - resp 1503314357.443851
    [main SessId R00000ea8-01-599ac1b5] ERROR RadiusServer.Radius - reqst_clean_list: Packet 111:410:236:4851B75E43E0 recv 1503314357.452483 - resp 1503314357.453606
    [main SessId R00000ea8-01-599ac1b5] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation.

     

    I have no clue where to look for this error ? 

     

    I am on CPPM 6.6.5 

     

    Is there any that have some hints ?

     

    I have included a log

    Regards Erik Loeth

     



  • 2.  RE: Timeout in clearpass

    EMPLOYEE
    Posted Aug 22, 2017 07:15 AM
    Which EAP method are you using?
    How are the supplicants being managed?


  • 3.  RE: Timeout in clearpass

    Posted Aug 22, 2017 07:34 AM

    EAP-PEAP

     

    Aprox 2500 clients over the day

     

    Regards Erik Loeth



  • 4.  RE: Timeout in clearpass

    Posted Aug 23, 2017 06:29 AM

    Noboddy has any ide where to look ?

     

    Regards Erik Loeth



  • 5.  RE: Timeout in clearpass

    EMPLOYEE
    Posted Aug 23, 2017 09:08 AM
    How are the supplicants being managed?
    Is your EAP server certificate publicly or privately signed?


  • 6.  RE: Timeout in clearpass

    Posted Aug 23, 2017 09:15 AM

    Thanks for replying

     

    Clients is getting a policity from AD, and the certificate is public (not wildcard)

     

    I will verify that the eap cert i a public to morrow.

     

    Regards 

     

    Erik Loeth

     



  • 7.  RE: Timeout in clearpass

    Posted Aug 24, 2017 05:47 AM

    Hi

     

    Yes it is a public cert, from godaddy

     

    Regards Erik Loeth.

     

     



  • 8.  RE: Timeout in clearpass
    Best Answer

    Posted Aug 30, 2017 03:20 AM

    Hi

     

    After a TAC case the issue was a timeout on the client side, client not responding. 

     

    The issue is now investigated, it seems that a securetty software is slow to start.

     

    Regards Erik Loeth