Intune extension in ClearPass 6.12.4 has been well behaved until now but just started using 90% CPU (User level), and more worryingly is not updating key attributes like Compliance status. My wireless dot1x policy requires Intune Compliance = Compliant, or InGracePeriod.
I have several cases now where the machine may have been of status 'nocompliance' briefly in Intune but had quickly resolved; however, the status remained in the Intune extension populated endpoint attributes. I've tried Reinstall, Restart, changing some settings: syncAllSchedule (30 mins -> 60), syncUpdatedOnly (false -> true).
The changes managed to bring the (User) CPU level down to normal which was very low, but the sync issues remain.
As a related issue, I am still using a policy that uses the Endpoint DB as Auth, and so it is using the MAC address which I want to move away from. This might now be a more pressing issue because several users have begun failing auth, and on investigation I've found the Wi-Fi MAC in Intune has changed - by only one character, as if Intune has grabbed the MAC of a different adapter if the order of adapters got rearranged on the client (i.e. Microsoft Virtual Adapter). For this I assume I have to move to a policy of no auth and rely on authorization only - potentially via HTTP lookup.
Here is the extension config, which is now version 6.4.1 after a recent update:
```json
{
  "logLevel": "INFO",
  "verifySSLCerts": true,
  "azureADEndpoint": "login.microsoftonline.com",
  "graphEndpoint": "graph.microsoft.com",
  "tenantId": "xxx",
  "clientId": "xxx",
  "clientSecret": "********",
  "syncPageSize": 50,
  "enableSyncAll": true,
  "syncAllSchedule": "*/60 * * * *",
  "syncUpdatedOnly": true,
  "syncAllOnStart": true,
  "ignoreEndpointDifferences": "Last Sync Date Time, Free Storage Space in Bytes",
  "enableEndpointCache": false,
  "endpointCacheTimeSeconds": 300,
  "intuneAttributes": null,
  "enableUserGroups": false,
  "userGroupUpdateSchedule": "*/30 * * * *",
  "bypassProxy": false,
  "enableStats": false,
  "statsUsername": "xxx",
  "statsPassword": "********"
}
```
Other observations:
- After deleting a problematic Endpoint from ClearPass, it will not add back from Intune via the extension. Even after restarts, which are meant to perform a full sync, and many hours later it has still not appeared. [edit - now assuming "updated" relates to the Intune context, not ClearPass, so the extension skips the device unless its Intune information changes]
- Work-around: turning "syncUpdatedOnly" back to false and restarting, but this causes the CPU spike for ~20 minutes
- With DEBUG turned on there is still no mention of problematic MAC addresses or Entra IDs in the logs. It mentions things like:
[WARN] Unable to process a device <entra id> (No remaining MAC Addresses found for the device <entraid>. No Endpoints to update.).
[ERROR] Intune - There was a problem loading existing endpoints for the device <entra id> (timeout of 10000ms exceeded).
[ERROR] Intune - There was an error adding an endpoint with the MAC Address <mac> to ClearPass. Request failed with status code 422
[ERROR] Intune - {
validation_messages: [ 'Endpoint "<mac>" already exists' ],
type: 'http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html',
title: 'Unprocessable Entity',
status: 422,
detail: 'Endpoint "<mac>" already exists'
}
- As a work-around to the wrong MAC address (since it only affects a small number) I exported the Endpoint, modified the two entries of the Wi-Fi MAC address, then imported it back.
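The three symptoms above (stale compliance attributes, deleted endpoints never re-created under syncUpdatedOnly, and a Wi-Fi MAC that differs from ClearPass by one hex digit) can all be caught by a periodic reconciliation of what Intune currently reports against what the ClearPass endpoint attributes say. The script below is an added, offline illustration of that check; it is not part of the original post or of the Aruba extension. It runs on constructed sample records: in practice the Intune side would be populated from the Microsoft Graph managedDevices resource (complianceState, wiFiMacAddress) and the ClearPass side from the endpoint REST API. The attribute names "Intune Compliance" and "Intune Device ID" are assumptions, not confirmed by the post.

```python
"""Reconcile Intune device state against ClearPass endpoint attributes (constructed sample data)."""
from dataclasses import dataclass

# Assumed ClearPass endpoint attribute names written by the Intune extension (not from the post).
ATTR_COMPLIANCE = "Intune Compliance"
ATTR_DEVICE_ID = "Intune Device ID"

# Intune complianceState values the dot1x policy in the post accepts (compared case-insensitively).
ALLOWED_STATES = {"compliant", "ingraceperiod"}


@dataclass(frozen=True)
class IntuneDevice:
    device_id: str   # Intune/Entra device id
    wifi_mac: str    # wiFiMacAddress as Intune currently reports it
    compliance: str  # complianceState


@dataclass(frozen=True)
class Endpoint:
    mac: str         # ClearPass endpoint MAC (the key the policy currently authenticates on)
    attributes: dict


def norm_mac(mac: str) -> str:
    """Lower-case hex with separators stripped, so 'AA-BB-..' and 'aabb..' compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")


def mac_distance(a: str, b: str):
    """Count of differing hex digits between two 48-bit MACs; None if either is malformed."""
    a, b = norm_mac(a), norm_mac(b)
    if len(a) != 12 or len(b) != 12:
        return None
    return sum(x != y for x, y in zip(a, b))


def reconcile(devices, endpoints):
    """Return lists of devices whose ClearPass record disagrees with Intune."""
    by_mac = {norm_mac(e.mac): e for e in endpoints}
    by_device_id = {e.attributes[ATTR_DEVICE_ID]: e for e in endpoints if ATTR_DEVICE_ID in e.attributes}
    report = {"stale": [], "missing": [], "mac_drift": [], "overpermissive": []}

    for d in devices:
        ep = by_mac.get(norm_mac(d.wifi_mac))
        if ep is None:
            # No endpoint under the MAC Intune reports: either it was deleted and never re-synced,
            # or the same device exists under a MAC that differs by a digit or two (adapter mix-up).
            other = by_device_id.get(d.device_id)
            dist = mac_distance(other.mac, d.wifi_mac) if other else None
            if dist is not None and 0 < dist <= 2:
                report["mac_drift"].append((d.device_id, other.mac, d.wifi_mac, dist))
            else:
                report["missing"].append(d.device_id)
            continue

        cp_state = (ep.attributes.get(ATTR_COMPLIANCE) or "").lower()
        intune_state = d.compliance.lower()
        if cp_state != intune_state:
            report["stale"].append((d.device_id, cp_state, intune_state))
            # The risky direction: ClearPass would still grant access although Intune says otherwise.
            if cp_state in ALLOWED_STATES and intune_state not in ALLOWED_STATES:
                report["overpermissive"].append(d.device_id)
    return report


def sample_devices():
    """Constructed Intune records covering each failure mode from the post."""
    return [
        IntuneDevice("D1", "aa:bb:cc:dd:ee:01", "compliant"),      # recovered, ClearPass still says no
        IntuneDevice("D2", "aa:bb:cc:dd:ee:02", "noncompliant"),   # ClearPass still says compliant
        IntuneDevice("D3", "aa:bb:cc:dd:ee:03", "compliant"),      # endpoint deleted, never re-added
        IntuneDevice("D4", "aa:bb:cc:dd:ee:14", "compliant"),      # Intune MAC drifted by one digit
        IntuneDevice("D5", "aa:bb:cc:dd:ee:05", "inGracePeriod"),  # healthy
    ]


def sample_endpoints():
    """Constructed ClearPass endpoints as the extension might have left them."""
    return [
        Endpoint("AA-BB-CC-DD-EE-01", {ATTR_DEVICE_ID: "D1", ATTR_COMPLIANCE: "NonCompliant"}),
        Endpoint("AA-BB-CC-DD-EE-02", {ATTR_DEVICE_ID: "D2", ATTR_COMPLIANCE: "Compliant"}),
        Endpoint("AA-BB-CC-DD-EE-04", {ATTR_DEVICE_ID: "D4", ATTR_COMPLIANCE: "Compliant"}),
        Endpoint("AA-BB-CC-DD-EE-05", {ATTR_DEVICE_ID: "D5", ATTR_COMPLIANCE: "InGracePeriod"}),
    ]


if __name__ == "__main__":
    for key, rows in reconcile(sample_devices(), sample_endpoints()).items():
        print(f"{key}: {rows}")
```

The "overpermissive" list is the one to alert on first: it is the set of devices Intune now considers non-compliant that the stale ClearPass attribute would still let onto the network. "mac_drift" entries are candidates for the export/modify/import fix described above, and "missing" entries are the ones a syncUpdatedOnly run will never re-create until something changes on the Intune side.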