Ok, I'll create another case... :)
thanks.
Original Message:
Sent: Dec 13, 2023 05:28 PM
From: skywave
Subject: Clearpass intune : HTTP attribute query returned error=404
Hmm not sure why that would be the case, unless the SAN field is referenced elsewhere in the service, or the HTTP auth source.
As Herman has suggested, it would be worth getting a partner or TAC involved who can look at the logs and configuration in its entirety.
Original Message:
Sent: Dec 13, 2023 04:49 AM
From: erik.boss
Subject: Clearpass intune : HTTP attribute query returned error=404
Changing to Compare CN only gave me the same error.
Original Message:
Sent: Dec 13, 2023 04:43 AM
From: erik.boss
Subject: Clearpass intune : HTTP attribute query returned error=404
Yes, Compare CN or SAN.
I'll change it to Compare CN only.
Original Message:
Sent: Dec 12, 2023 05:19 PM
From: skywave
Subject: Clearpass intune : HTTP attribute query returned error=404
Hi Erik,
I didn't see that issue in our deployment.
I wonder if you have Certificate Comparison enabled in your TLS authentication method?
Also, we are using EAP-TEAP in our environment.
Cheers,
Chris
Original Message:
Sent: Dec 12, 2023 08:30 AM
From: erik.boss
Subject: Clearpass intune : HTTP attribute query returned error=404
Hi Skywave,
We are using the CN only in the SCEP profile, but I get the "rlm_eap_tls: certificate does not have X509v3 Subject Alternative Name extension" error.
Regards,
Erik
Original Message:
Sent: Nov 01, 2023 12:21 AM
From: skywave
Subject: Clearpass intune : HTTP attribute query returned error=404
I had the same issue, had to do two things:
1) It seems that using a SAN field with the URI including 'IntuneDeviceID://' doesn't work because ClearPass doesn't strip it off. I think ClearPass just wants the actual DeviceID value only.
I opted to not use the SAN, and just use CN={{DeviceID}} in the SCEP profile.
2) I am using the 'enableEndpointCache' value and only syncing certain attributes. I was not syncing the attributes that I was trying to populate with the HTTP authz source, so I had to add these.
Original Message:
Sent: Oct 31, 2023 10:57 AM
From: ahmetsarikaya
Subject: Clearpass intune : HTTP attribute query returned error=404
Hello Herman,
In the extension log that has been blurred we see the "Intune device name" returned.
The endpoint DB has been synced and we see Intune attributes here. So when we look in the endpoints we see Intune devices. However, we want to use HTTP authorization mode.
Assuming the device ID needs to be configured in the certificate as shown in the ClearPass documentation.
When using the source without authentication source, we get the same error.
Original Message:
Sent: 10/31/2023 10:25:00 AM
From: Herman Robers
Subject: RE: Clearpass intune : HTTP attribute query returned error=404
For the Intune Extension you would need the Intune Device ID as CN in your certificate and where you 'blurred' in the extension logs, should appear the Intune Device ID.
The 404 error suggests that the ID queried in Intune is not the Intune Device ID, or the device is not in the same Intune Instance, or the API permissions are not properly set up in Entra ID.
Did you configure synchronization to the Endpoint DB as well? And do you see the Endpoint Repository populated with Intune Attributes?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Oct 26, 2023 04:16 PM
From: ahmetsarikaya
Subject: Clearpass intune : HTTP attribute query returned error=404
We currently have an on-prem AD that we check based on a computer certificate. We are now working on doing this with Intune devices based on EAP-TLS. We use 1 root CA under which the local AD and Intune users receive their certificate from another "issuing". Now we get the error 404 back.
We are using the following authentication source:
If we do not use role mappings, authentication works, even though we get the same error message. Is this more because ClearPass knows our certificate? However, we want to make a distinction here with the following role mapping: