Showing results for 
Search instead for 
Did you mean: 

GINA and HostChecker for new Windows domain users


GINA and HostChecker for new Windows domain users

I just opened a case on this, but I wanted to know if you guys had any insight on this issue.  We are having a problem with users that haven't yet logged into a new PC that they are using for the VPN.  They enter their window credentials, then they receive the following error - "HostChecker is not installed for current user.  Please login without using Juniper GINA and install HostChecker through web browser. ("

Since some of these users are remote with new PCs, they don't yet have a Windows profile for HostChecker to be installed under. KB article KB11589 appears to hit on the issue, but with no real solution as the end result to these remote users is that they can't even log into Windows to be able to log into the VPN and have HostChecker install. Is there something we can do either on the VPN or the client side to install HostChecker for "All Users" that may not even have a Windows profile yet?

We currently have HostChecker running at the realm level before a user is prompted for their credentials. We've tossed around moving that requirement down to the role level, but I don't want to re-arrange everything if there's another option.


Re: GINA and HostChecker for new Windows domain users

Dont know if you resolved this but we are having a similar issue here.

We are tryin to use the Gina client for our DR site on new machines which are pushed out. Of course, no user has logged into these before, so a "new profile" is always created. NC is configured as a Gina setup.

New user logs in and cant use HC because it is not installed.

Using a certificate check on the role or the realm level presents "you are not allowed to sign in" because the cert check cant find the certificate on the local machine.

So no new users can log on and use gina.

Respected Contributor

Re: GINA and HostChecker for new Windows domain users

It is not possible to install Host Checker for all users, including those without a profile yet-created; it has to be profile-by-profile.

On the VPN side you could create a new realm that doesn't have the Host Checker policies and allow login to be able to connect to the IVE and install Host Checker through the web.

How are users able to launch GINA if they haven't connected from the IVE before, as Network Connect needs to be installed to allow the connection for GINA?