No matter which laptop I try from (tried 2), I get the error every time the username and password are entered (tried 2 usernames as well). My laptop can connect to other SSL VPN pulse connections without problem but fails on this one. The same user accounts work just fine when using the Network Connect client to the same SSLVPN. I have migrated all of the relevant role mappings and other settings to support the us eof Pulse. I have done a number of Pulse deployments and have never run into this before so as far as I can tell this one isn't my fault
Thanks for the findings,
Looks like this issue is fixed in 7.2x + pulse 3.x combination as per your update
Does your policy trace give anything interesting?
Are you using any pre- or post-auth mechanisms that are unique to this deployment?
I would recommend saving all logs (in detail level) and open a case with JTAC.
I recently encountered the same issue. It appeared to occur when I enabled Host Checker remediation options for Antivirus (Download latest virus defs, Turn on real time protection, start antivirus scan) or Firewall (Turn on Firewall)
Has anyone else used these remedation options? Is this a known issue with the IVE
btw i am running ver7.1R1 (latest) on an SA-4000.
The message "exceeds maximum fragment 100000" seems to indicate that its hitting a limit. This might be related to large number of HC policies (like check for *all* supported AVs, Firewall, etc) Does it work if you reduce the number the HC policies? In either case I would recommend opening a JTAC case for this.
how is it possible that juniper still did not fix this issue?
It's about year and a half that a case regarding this issue had been opend @ JTAC :'( (and Closed by jtac..)
Still no Fix implemented in Pulse - any update on this?
NULL: was there anything noted by jtac before they closed the case?
if we can't replicate an issue or get full logs, yes, it is possible there is no fix yet.
This issue should be fixed in 7.2R1 and higher. What release are you seeing it on and can you provide some more details on your endpoint policies config?
have had enabled all Firewall Products, and limited to a few AV Vendors (because we had the problem in prior..) also we do have enabled patch assessment for Win7/WinXP/WinVista and Operating System assessment.
It's realy nice to see that fixed bugs (if you're right) like this horrible one won't get into release notes ...
We are actualy using:
HostChecker: 7.1R7 (build 20581)[7.1.7-20581(1716)