Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Making a new authentication server deletes a random older one!

SOCKMD_
New Contributor
‎01-22-2009 02:37:AM
‎01-22-2009 02:37:AM

Making a new authentication server deletes a random older one!

We have a clustered environment og two SA6000 boxes, in active/passive.

Our own company uses it, as well as a number of customers, on overall 16 IVSes so far.

We finally took the plunge and upgraded from 5.5R7 til 6.2R3.1. Release notes indicated this was an okay upgrade path to take, and I also called JTAC and had them confirm that this was the recommended release to upgrade to from ours.

After the upgrade though, we are seeing quite a few bugs!

The most serious one is regarding authentication server. If we try and make a new authentication server, of any kind, og any of teh IVSes, the system will automatically delete one of the older ones! On one of the IVSes it even deleted the authentication server called "Administrators", which normally can't be deleted. Realms and roles and so forth just map to the newly created one, if they mapped to the deleted one.

Anyone else seen anything like this? The odd thing, it's only a problem on IVSes made before the upgrade. If we make an IVS and create new authentcation servers, it works as intended. Problem is, we have a lot of local authentication databases, and have no way of exporting and importing all the users in these.

Have a JTAC case open on this, but so far they haven't come up with anything at all. So thought I'd post here too, in case anyone has seen anything similar.

Thanks in advance for any feedback you can provide on this.

0 Kudos
3 REPLIES 3
Mrkool_
Super Contributor
‎01-22-2009 10:31:AM
‎01-22-2009 10:31:AM

Re: Making a new authentication server deletes a random older one!

well from 5 to 6 was a major code change. I only have a handfull of Auth servers and we rarely create new ones so i can not help you with that but if you have a lab box have you tried upgrading to the 6.4beta and see if you the problem exists?
0 Kudos
kenlars_
Super Contributor
‎01-22-2009 01:26:PM
‎01-22-2009 01:26:PM

Re: Making a new authentication server deletes a random older one!

If you have a lab box or can break your cluster and persuade Juniper to give you licenses to run the passive device as a primary, I'd recommend using the function to duplicate an IVS to create a "new" IVS with the same authorization settings as an "old" IVS. This might give you a way to recreate your IVSs without having to reconfigure like crazy.

Ken

0 Kudos
SOCKMD_
New Contributor
‎01-27-2009 06:18:AM
‎01-27-2009 06:18:AM

Re: Making a new authentication server deletes a random older one!

I'm afraid the only lab box we have is a SA 700, and not much I can do with that on this particular issue.

Breaking the cluster is also not an option, as this cluster is in production and out customers paid good money to get redundancy, so we can't just take that away and hope nothing goes wrong while we've done this.

I actually tried making a new IVS on the production system, and choose to make it a copy of an existing one. The copy had the same error, so that doesn't solve anything, apparently.

Seems the case has just been escalated, so I'm hoping Juniper will take a more serious look at the problem now...

Thanks for your answers though guys.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.