Hello Hermann,
I have the same issue. My setup is a bit different though. My switch is an ArubaCX 6100. I can see from the access tracket, that a CoA Bounce Switchport is triggered. Thus it cannot be done, because some information seem to be missing. In the log I have the following output:
"
Request log details for session: W000018f3-01-628b9070
Time Message
2022-05-23 15:47:28,546 [RequestHandler-1-0x7f44be5f2700 r=psauto-1634809459-99469 h=223 r=W000018f3-01-628b9070] INFO Core.ServiceReqHandler - Service classification result = hum-OnGuard wired Service
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 r=psauto-1634809459-99470 h=239 r=W000018f3-01-628b9070] INFO TAT.TagAttrTableUtil - buildTagAttrTableInput: Connection:NAD-IP-Address is not found
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 r=psauto-1634809459-99470 h=239 r=W000018f3-01-628b9070] INFO Common.EndpointTable - Returning EndpointSPtr for macAddr 000ec66ac9d3
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 r=psauto-1634809459-99470 h=239 r=W000018f3-01-628b9070] INFO Common.TagDefinitionCacheTable - No TagDefCacheMap could be found for instance id = 0 entity id = 29
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 r=psauto-1634809459-99470 h=239 r=W000018f3-01-628b9070] WARN Common.TagDefinitionCacheTable - Failed to build TagDefinitionMap. Unknown NadClient for Id=0
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 r=psauto-1634809459-99470 h=239 r=W000018f3-01-628b9070] INFO TAT.TagAttrHolderBuilder - No tags built for instanceId=0|entity=Device
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 r=psauto-1634809459-99470 h=239 r=W000018f3-01-628b9070] INFO TAT.AluTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL AuthLocalUser)
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 r=psauto-1634809459-99470 h=239 r=W000018f3-01-628b9070] INFO TAT.GuTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL GuestUser)
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 r=psauto-1634809459-99470 h=239 r=W000018f3-01-628b9070] INFO TAT.OnboardTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Onboard Device User)
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_SOAP_WEBAUTH Started ***
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskAuthSourceRestriction **
2022-05-23 15:47:28,553 [RequestHandler-1-0x7f44be5f2700 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskRoleMapping **
2022-05-23 15:47:28,554 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskAuthSourceRestriction **
2022-05-23 15:47:28,554 [RequestHandler-1-0x7f44be5f2700 h=750410 c=W000018f3-01-628b9070] INFO Core.PETaskRoleMapping - Roles:
2022-05-23 15:47:28,554 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskRoleMapping **
2022-05-23 15:47:28,554 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskIntPosture **
2022-05-23 15:47:28,554 [RequestHandler-1-0x7f44be5f2700 h=750412 c=W000018f3-01-628b9070] INFO verifiers.PostureVerifierUtil - checkVersionAtLeast: Version format is empty. Comparing versions without format.
2022-05-23 15:47:28,554 [RequestHandler-1-0x7f44be5f2700 h=750412 c=W000018f3-01-628b9070] INFO verifiers.PatchAgent - processHealthClassInfo: : Windows Update Agent missingPatches is false.
2022-05-23 15:47:28,554 [RequestHandler-1-0x7f44be5f2700 h=750412 c=W000018f3-01-628b9070] INFO verifiers.PatchAgent - processHealthClassInfo: : Windows Update Agent reported number of missing patches on client - 0
2022-05-23 15:47:28,555 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskIntPosture **
2022-05-23 15:47:28,555 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskPosture **
2022-05-23 15:47:28,556 [RequestHandler-1-0x7f44be5f2700 h=750413 c=W000018f3-01-628b9070] INFO Core.PolicyResCollector - updateSpt: SPT set to: HEALTHY force=0
2022-05-23 15:47:28,556 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskPosture **
2022-05-23 15:47:28,556 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskPolicyResult **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskPolicyResult **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskEnforcement **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 h=750415 c=W000018f3-01-628b9070] INFO Core.PETaskEnforcement - EnfProfiles: AOS-CX - Bounce Switch Port]
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskEnforcement **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskAppEnfProfileBuilder **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskSnmpEnforcement **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskRadiusCoAEnfProfileBuilder **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskAgentEnfProfileBuilder **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskPostAuthEnfProfileBuilder **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskGenericEnfProfileBuilder **
2022-05-23 15:47:28,557 [RequestHandler-1-0x7f44be5f2700 h=750421 c=W000018f3-01-628b9070] INFO Core.PETaskGenericEnfProfileBuilder - getApplicableProfiles: No App enforcement (Generic) profiles applicable for this device
2022-05-23 15:47:28,558 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskGenericEnfProfileBuilder **
2022-05-23 15:47:28,558 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskAgentEnfProfileBuilder **
2022-05-23 15:47:28,558 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskSnmpEnforcement **
2022-05-23 15:47:28,558 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskAppEnfProfileBuilder **
2022-05-23 15:47:28,558 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskCliEnforcement **
2022-05-23 15:47:28,558 [RequestHandler-1-0x7f44be5f2700 h=750422 c=W000018f3-01-628b9070] INFO Core.PETaskCliEnforcement - startHandler: No commands for CLI enforcement
2022-05-23 15:47:28,558 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskCliEnforcement **
2022-05-23 15:47:28,558 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] INFO Core.PETaskRadiusCoAEnfProfileBuilder - Radius_CoA enfProfiles used: AOS-CX - Bounce Switch Port]
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] INFO Core.PETaskRadiusCoAEnfProfileBuilder - UnknownAutzParams to fetch for RadiusCoAEnfProfiles: :
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] INFO Core.PETaskRadiusCoAEnfProfileBuilder - UnknownNAutzParams to fetch for RadiusCoAEnfProfiles: : Radius:IETF:Calling-Station-Id, Radius:IETF:Event-Timestamp, Radius:IETF:NAS-Identifier, Radius:IETF:NAS-Port, Radius:IETF:User-Name
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:Calling-Station-Id}, error=No values for param=Radius:IETF:Calling-Station-Id
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:Calling-Station-Id value = %{Radius:IETF:Calling-Station-Id}. Searching attributes from battery
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:NAS-Port}, error=No values for param=Radius:IETF:NAS-Port
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:NAS-Port value = %{Radius:IETF:NAS-Port}. Searching attributes from battery
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:NAS-Identifier}, error=No values for param=Radius:IETF:NAS-Identifier
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:NAS-Identifier value = %{Radius:IETF:NAS-Identifier}. Searching attributes from battery
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:User-Name}, error=No values for param=Radius:IETF:User-Name
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:User-Name value = %{Radius:IETF:User-Name}. Searching attributes from battery
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Radius:IETF:Event-Timestamp}, error=No values for param=Radius:IETF:Event-Timestamp
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750418 c=W000018f3-01-628b9070] WARN Core.PETaskRadiusCoAEnfProfileBuilder - addParamsFromParameterizedProfile: Failed to find finalValue for name= Radius:IETF:Event-Timestamp value = %{Radius:IETF:Event-Timestamp}. Searching attributes from battery
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750420 c=W000018f3-01-628b9070] INFO Core.PETaskPostAuthEnfProfileBuilder - getApplicableProfiles: No Post auth enforcement profiles applicable for this device
2022-05-23 15:47:28,559 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskRadiusCoAEnfProfileBuilder **
2022-05-23 15:47:28,560 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskPostAuthEnfProfileBuilder **
2022-05-23 15:47:28,560 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskAuthStatusInfo **
2022-05-23 15:47:28,560 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskOutputPolicyRes **
2022-05-23 15:47:28,560 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Starting PETaskSessionLog **
2022-05-23 15:47:28,564 [RequestHandler-1-0x7f44be5f2700 h=750424 c=W000018f3-01-628b9070] WARN IAT.NapIOAttrHolder - getSohrForOutput: Skip unknown appId=65535
2022-05-23 15:47:28,564 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskSessionLog **
2022-05-23 15:47:28,564 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskOutputPolicyRes **
2022-05-23 15:47:28,564 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - ** Completed PETaskAuthStatusInfo **
2022-05-23 15:47:28,564 [RequestHandler-1-0x7f44be5f2700 r=W000018f3-01-628b9070 h=750408 c=W000018f3-01-628b9070] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_SOAP_WEBAUTH Completed ***
2022-05-23 15:47:33,561 [HttpModule-ThreadPool-31-0x7f44eabf5700 r=W000018f3-01-628b9070 h=157] ERROR Http.HttpSession - execute: post::<easy_perform>, (error=28) Timeout was reached
2022-05-23 15:47:33,561 [HttpModule-ThreadPool-31-0x7f44eabf5700 r=W000018f3-01-628b9070 h=157] ERROR BaseExtSvr.ExtSvrSession - Unable to get next handle from manager with name=CnCService
"
The Clearpass does not seem to know on which the client is connected.
The Radius connection is working fine for 802.1X and I enabled dynamic authorization.
Do you have an idea what I did wrong? In general: Where does the OnGuard authentication get the NAS information from? As far as i undestand the process, the WEBAUTH is done by the OnGuard application. But the clearpass needs to know which port on which switch it needs to bounce to trigger a reauthentication. Where does the application and/or the clearpass get that informaiton?
Regards
Bernd
------------------------------
Bernd Borowski
------------------------------
Original Message:
Sent: Mar 12, 2020 05:26 AM
From: Herman Robers
Subject: Onguard heath check service not completing COA
I'd suggest to approach this step by step.
Does a manual CoA work (Change Status) in Access Tracker?
Do you see the RADIUS CoA tab on the original authentication? Does it show a successful CoA?
If it works fine manually, do you see the RADIUS CoA tab in the original authentication after the OnGuard WEBAUTH triggered the CoA?