Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Host Checker incorrectly validating wrong realm

vitaliybabenko
New Contributor
‎08-21-2019 09:49:PM
‎08-21-2019 09:49:PM

Host Checker incorrectly validating wrong realm

Hello,

We have two realms set up.

  • Company Users
  • IT Only

We have a single host checker ("Company Host Checker") set up that looks for this:

  • Windows/Mac
    • BitLocker encryption (for Mac, it'll check for FileVault)
    • User certificate
    • Antivirus full scan age (within 7 days)
    • Antivirus update age (within 2 days)

For the "Company Users" realm, we have password authentication and host checker enabled.

For "IT Only" realm, we only have password authentication enabled.

 

However, when I try to connect to the "IT Only" realm, it still tries checking against the Host Checker. It would still connect successfully, but say that it is limited.

 

What is the problem? Did I do something wrong, or is that a bug? I'm trying to set up a third realm (and add a new host checker) for some company partners, but this bug/issue is giving me a headache.

 

Few things to note:

* Host checker is not enabled on the role-level.

* I have already ran a test with creating a third realm with their own host checker ("Partner Host Checker"). In that realm, I enabled the "Partner Host Checker". However, now it tried checking the original host checker ("Company Host Checker"), and the new "Partner Host Checker".

* I thought that maybe re-using roles within different realms can be the cause, so I created a new role and attached it to the new realm. Heck, I even disabled host checker. It still tried checking the original "Company Host Checker".

 

How do I solve this?

0 Kudos
4 REPLIES 4
r@yElr3y
Moderator
Moderator
‎08-29-2019 06:05:PM
‎08-29-2019 06:05:PM

Re: Host Checker incorrectly validating wrong realm

Do you have two realms mapped to the same sign-in URL?

 

If yes, then it expected to see the host checking process. Please map the user realms to a separate sign-in URLs and check the behavior.

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
vitaliybabenko
New Contributor
‎09-24-2019 08:46:PM
‎09-24-2019 08:46:PM

Re: Host Checker incorrectly validating wrong realm

Ray,

Appreciate you getting back to me. I have a few more questions that may hopefully clear some confusion:

  1. We don't use the browser to sign into the VPN and authenticate. We use the Pulse Secure Client. In the client, all we specify is the server domain, and then it asks for the selected realm. How would creating a new sign-in URL change this?
  2. How does using the same sign-in URL with different realms attached to it causes it to check against the first Host Checker? I thought that the host checker only gets activated when the specified realm has it set to "Evaluate Policies" and/or "Require and Enforce". The first realm has a host checker set to both checkboxes. The second realm that we created has no host checker requirements, yet is still being checked.
0 Kudos
rdumitrescu
Contributor
‎09-25-2019 06:13:AM
‎09-25-2019 06:13:AM

Re: Host Checker incorrectly validating wrong realm

If you have more realm on same sign-in page and one of the realms has the Host Checker set to enforce, than the normal behaviour is to run the Host Checker before you even can insert your credentials / select the realm because the HC enforced at realm level is done before authentication

r@yElr3y
Moderator
Moderator
‎09-28-2019 09:25:PM
‎09-28-2019 09:25:PM

Re: Host Checker incorrectly validating wrong realm

@vitaliybabenko: @rdumitrescu is correct. Smiley Happy
PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.