Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Machine authentication fails

tkrjukoff
Occasional Contributor
‎01-26-2021 11:22:PM
‎01-26-2021 11:22:PM

Machine authentication fails

Hi

We have setup a Certificate server for client machine authentication which will be used to set up a VPN before the client logs in to an AD.

We get an error I cannot troubleshoot due lack of log information.

- Host checker policy for Machine Certificate passes.

- Source IP realm restrictions are passed.

- Testing Certificate realm restrictions FAIL.

- Login failed. No Certificate.

I would like to get more detailed log information to pinpoint what goes wrong. Cannot find any advice how to get more detailed information in logs regarding this error message.

Cheers

Timo Krjukoff

0 Kudos
5 REPLIES 5
r@yElr3y
Moderator
Moderator
‎01-28-2021 11:28:PM
‎01-28-2021 11:28:PM

Re: Machine authentication fails

@tkrjukoff We capture a detailed level logs and search the debuglog.log file with string jamcertlib which would show events related to cert auth.

PCS Expert
Pulse Connect Secure Certified Expert
fsociety
Occasional Contributor
‎01-29-2021 12:24:AM
‎01-29-2021 12:24:AM

Re: Machine authentication fails

@tkrjukoff Debug log file location - C:\ProgramData\Pulse Secure\Logging

or You can save the logs from the pulse client , open the zip file and navigate to Logs->Program Data - Debug log.

 

For Machine authentication, make sure you have only one machine certificate installed on the PC.

tkrjukoff
Occasional Contributor
‎01-29-2021 01:22:AM
‎01-29-2021 01:22:AM

Re: Machine authentication fails

I configure debugging as described in Using the Debug Log (pulsesecure.net). Clear the log, try to connect the client and then Save Debug Log. But the log file is encrypted and not readable. Pls advice.


Cheers

/timo

0 Kudos
tkrjukoff
Occasional Contributor
‎01-29-2021 01:24:AM
‎01-29-2021 01:24:AM

Re: Machine authentication fails

Have no Client logs since we are in initial phase to get the PS Client from appliance. Point is to get a machine cert authenticated VPN before the user logs in his AD via the machine VPN.


Cheers


/timo

0 Kudos
zanyterp
Moderator
Moderator
‎01-30-2021 08:16:AM
‎01-30-2021 08:16:AM

Re: Machine authentication fails

@tkrjukoff based on the log message you, you are checking for two certificates: one in the machine store via Host Checker; one in the user store via realm restrictions (Users>Realms>realmName>Authentication Policy>Certificate)

you can also check the pulse client debug log at %programdata%\Pulse Secure\Logging\ for the certificate verification process
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.