On some Wifi connections that use captive portal the Pulse Secure 'Hotspot authentication' page appears but states 'cannot reach this page' when trying to access http://www.msftconnecttest.com, and Wifi fails to complete connection.
Lockdown mode is enabled so will i need to create a rule to allow this address so connection can complete?
Just to note this only happens on some captive portals others connect through fine.
@zanyterp Hi. Just been testing this morning, at first i thought it was something in the lockdown exceptions so i removed these and set lockdown exception to 'false', retried and problem persisted. I then turned off the captive portal option within the Pulse Client config and it connects to the Wifi in question all ok.
Its just a Free Wifi open connection within a local establishment which has some T&C's to accept to get online. It is odd how when Pulse captive portal option is turned off the device just connects straight through to the connection without having to accept the T&C's but Pulse is not involved at this stage so must be a Microsoft thing.
We're curently using Pulse Desktop Client v9.1.13 (11723). Think its worth retrying with the latest client before raising a case? i havent checked the release notes yet so unsure if this is an issue thats already resolved. Thanks.
@zanyterp Hi It seems to be the Pulse Captive Portal detection thats causing the problem, when this is turned off it connects to the Wifi in question all ok.
When captive portal detection is enabled a wireshark capture shows the lookup to www.msftconnecttest.com and is resolved, but Pulse displays the 'cannot reach page' within its embedded browser.
Im on client 9.13 so will retest on latest 9.14 before logging a case.
I've ran into this issue and the problem was with hotspot provider. The hotspot provider had a whitelist of networks that didn't require the guest to be authenticated. The IP address that www.msftconnecttest.com and msftconnecttest.com resolved to matched with one of the networks on their whitelist.
Some knowledge about msftconnecttest if you are not aware.
When Windows detects a network connection, it performs a test to detect the properties of the network. The network traffic is getting redirected to msftconnecttest and this is by design. The network icon on the task bar will show a symbol and will say either No connectivity, Limited Internet access, or Internet Access.
When the Pulse Client dectects a hotspot, it opens an embedded browser. The first URL it's going to is www.msftconnecttest.com. Since the IP address of www.msftconnecttest.com was on the that whitelist, the traffic wasn't being redirected to the captive portal for the guest to authenticate. I worked with the hotspot provider and they updated the configuration on their end to require guest authentication to msftconnecttest.
Every hotspot is different and we can't troubleshoot them all.
Thanks SuperG, after investigating it was exactly how you describe, i also found that our Group Policy was also blocking the connection so had to add www.msftconnecttest.com endpoints to allowed list in the Windows Firewall Group policy settings. Hopefully thats sorted most, but as you say as each captive portal is configured differently so impossible to troubleshoot all. Cheers.