Hi
I don't think it matter, because you have already lost the communication between the two nodes.
You may need to drop the node on both from the publisher and the subscriber side due to the lost communication. Start from the publisher side and see if the subscriber can react to the operation. If not, drop it also from the subscriber.
Check also the second checkbox in the drop subscriber dialog to retain the configuration of the server.
During the operation to drop and the following operation to make it a subscriber again, the server will not be able to respond to authenitcation requests.
If your network infrastructure, such as switches and WLAN, doesn't have redundant Radius configuration you should perform the operation outside office hours.
Also keep in mind that if the cluster have VIP addresses configured, you need to remove the VIP configuration from the subscriber before the drop is tried.
------------------------------
Best Regards
Jonas Hammarbäck
ACCX #1335, ACMP, ACDP, ACNSP, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Dec 06, 2022 08:07 AM
From: Stewart Smith
Subject: Clearpass database cert renewal
Do I drop the subscriber first, then update the certificate or does it not matter?
Original Message:
Sent: Dec 06, 2022 07:01 AM
From: Stewart Smith
Subject: Clearpass database cert renewal
Ok, its more than 24 hours so I will need to drop the subscriber.
Original Message:
Sent: Dec 06, 2022 04:42 AM
From: Jonas Hammarback
Subject: Clearpass database cert renewal
Hi
Depending on how long time the database certificate have been invalid the subscriber can automatically reconnect to the publisher. If the certificate expired less than 24 hours ago the subscriber will hopefully connect back to the Publisher without any issues.
But if the time is more than 24 hours since the certificate become invalid, you must drop the subscriber and make it a subscriber again.
If needed to drop the subscriber, do not clear the configuration. This way you will have the correct certificates installed in the trust list needed to make it a subscriber again.
------------------------------
Best Regards
Jonas Hammarbäck
ACCX #1335, ACMP, ACDP, ACNSP, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Dec 06, 2022 04:20 AM
From: Stewart Smith
Subject: Clearpass database cert renewal
I have a Clearpass cluster with two members. The database certificate has expired causing the cluster to break. I am going to renew the database certificate with a self signed one and reboot the publisher. I am looking for some help on the process required.
After i update the publisher certificate, will the subscriber rejoin the cluster or do I need to import the certificate to it first?
Will I need to drop the subscriber and re-add to the cluster?