cancel
Showing results for 
Search instead for 
Did you mean: 

Host Checker incorrectly validating wrong realm

New Contributor

Host Checker incorrectly validating wrong realm

Hello,

We have two realms set up.

  • Company Users
  • IT Only

We have a single host checker ("Company Host Checker") set up that looks for this:

  • Windows/Mac
    • BitLocker encryption (for Mac, it'll check for FileVault)
    • User certificate
    • Antivirus full scan age (within 7 days)
    • Antivirus update age (within 2 days)

For the "Company Users" realm, we have password authentication and host checker enabled.

For "IT Only" realm, we only have password authentication enabled.

 

However, when I try to connect to the "IT Only" realm, it still tries checking against the Host Checker. It would still connect successfully, but say that it is limited.

 

What is the problem? Did I do something wrong, or is that a bug? I'm trying to set up a third realm (and add a new host checker) for some company partners, but this bug/issue is giving me a headache.

 

Few things to note:

* Host checker is not enabled on the role-level.

* I have already ran a test with creating a third realm with their own host checker ("Partner Host Checker"). In that realm, I enabled the "Partner Host Checker". However, now it tried checking the original host checker ("Company Host Checker"), and the new "Partner Host Checker".

* I thought that maybe re-using roles within different realms can be the cause, so I created a new role and attached it to the new realm. Heck, I even disabled host checker. It still tried checking the original "Company Host Checker".

 

How do I solve this?

4 REPLIES 4
Moderator
Moderator

Re: Host Checker incorrectly validating wrong realm

Do you have two realms mapped to the same sign-in URL?

 

If yes, then it expected to see the host checking process. Please map the user realms to a separate sign-in URLs and check the behavior.

Pulse Connect Secure Certified Expert
New Contributor

Re: Host Checker incorrectly validating wrong realm

Ray,

Appreciate you getting back to me. I have a few more questions that may hopefully clear some confusion:

  1. We don't use the browser to sign into the VPN and authenticate. We use the Pulse Secure Client. In the client, all we specify is the server domain, and then it asks for the selected realm. How would creating a new sign-in URL change this?
  2. How does using the same sign-in URL with different realms attached to it causes it to check against the first Host Checker? I thought that the host checker only gets activated when the specified realm has it set to "Evaluate Policies" and/or "Require and Enforce". The first realm has a host checker set to both checkboxes. The second realm that we created has no host checker requirements, yet is still being checked.
Occasional Contributor

Re: Host Checker incorrectly validating wrong realm

If you have more realm on same sign-in page and one of the realms has the Host Checker set to enforce, than the normal behaviour is to run the Host Checker before you even can insert your credentials / select the realm because the HC enforced at realm level is done before authentication

Highlighted
Moderator
Moderator

Re: Host Checker incorrectly validating wrong realm

@vitaliybabenko: @rdumitrescu is correct. Smiley Happy
Pulse Connect Secure Certified Expert