I have an interesting problem after an upgrade to SA 7.3R5 on MAG series appliances. I have some user that login fine then Host Checker appears to run, twice, and indicates a good check but the users fail to login with a "No Rolls" error. The failed check is only for supported active AV software of various types and versions.
I have tried all the usual stuff, clearing the cache, removing (including deleting all Juniper directories on the machine after uninstall) and letting the gateway re-install all software required by the gateway, and nothing seems to fix the issue. The one interesting thing is that I can login with a different user account on these machines and login to the VPN gateway without issue. So that leads me to believe that there are some artifacts being left on the impacted windows user account even after uninstalling all software that is preventing the Host Checker software from running correctly.
Anyone have any insight on this issue?
Can you look at the user access logs and policy trace for the user, you can attach them here.
I know this is extreme, but could you recreate one the user proflie? It sounds like a user profile corruption. The trace logs should reveal a lot more of what is happening.