cancel
Showing results for 
Search instead for 
Did you mean: 

Machine authentication fails

tkrjukoff
Occasional Contributor

Machine authentication fails

Hi

We have setup a Certificate server for client machine authentication which will be used to set up a VPN before the client logs in to an AD.

We get an error I cannot troubleshoot due lack of log information.

- Host checker policy for Machine Certificate passes.

- Source IP realm restrictions are passed.

- Testing Certificate realm restrictions FAIL.

- Login failed. No Certificate.

I would like to get more detailed log information to pinpoint what goes wrong. Cannot find any advice how to get more detailed information in logs regarding this error message.

Cheers

Timo Krjukoff

5 REPLIES 5
r@yElr3y
Moderator

Re: Machine authentication fails

@tkrjukoff We capture a detailed level logs and search the debuglog.log file with string jamcertlib which would show events related to cert auth.

PCS Expert
Pulse Connect Secure Certified Expert
fsociety
New Contributor

Re: Machine authentication fails

@tkrjukoff Debug log file location - C:\ProgramData\Pulse Secure\Logging

or You can save the logs from the pulse client , open the zip file and navigate to Logs->Program Data - Debug log.

 

For Machine authentication, make sure you have only one machine certificate installed on the PC.

tkrjukoff
Occasional Contributor

Re: Machine authentication fails

I configure debugging as described in Using the Debug Log (pulsesecure.net). Clear the log, try to connect the client and then Save Debug Log. But the log file is encrypted and not readable. Pls advice.


Cheers

/timo

tkrjukoff
Occasional Contributor

Re: Machine authentication fails

Have no Client logs since we are in initial phase to get the PS Client from appliance. Point is to get a machine cert authenticated VPN before the user logs in his AD via the machine VPN.


Cheers


/timo

zanyterp
Moderator

Re: Machine authentication fails

@tkrjukoff based on the log message you, you are checking for two certificates: one in the machine store via Host Checker; one in the user store via realm restrictions (Users>Realms>realmName>Authentication Policy>Certificate)

you can also check the pulse client debug log at %programdata%\Pulse Secure\Logging\ for the certificate verification process