Possibly there are the following issues:
- Either agent.conf is not present or corrupted. This usually can be caused by an AV/EDR software, or tools which are used to cleanup in the C:\Program Files\Aruba Networks\ClearPassOnGuard\etc\agent.conf.
- Premission issues on the local system or the logged on account for the user with privilege's read/write in the directory. Sometimes, if you have used hardening scripts or endpoint security policies, this can cause permissions changes.
- Registry not being populated as shown in your logs: GetRegistryValue: Cannot query Registry Key ... Value AgentConfig result=2.
- Mismatched version: clearpass server is pushing onguard packages but the endpoint is failing to update successfully
So check if:
- the agent.conf and agent-backup.conf exist in C:\Program Files\Aruba Networks\ClearPassOnGuard\etc\ or in the path your onguard is installed
- compare a working versus broken machine on the HKLM\Software\Aruba Networks\ClearPassOnGuard
- Make sure NT AUTHORITY\SYSTEM and local Administrators have full control on the ClearPassOnGuard folder.
- If you're relying on GPO/SSCM/Intune to push the agent, confirm it's not stripping the config files. (there are cases that Intune profiles silently delete .conf files when not whitelisted).
- Reinstalling works because it recreates the agent.conf. That would not scalable and it would be better to identify why this is getting this behaviour in the first place.
Also, have you notice a similar behavior happening only after a reboot / update / AV scan? That would narrow whether this is an endpoint security conflict or ClearPass deployment bug.
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP
Just an Aruba enthusiast and contributor by cases
If you find my comment helpful, KUDOS are appreciated.
------------------------------