You would put a filter at the top for ip.addr eq n.n.n.n (replacing that with the IP of your domain controller) to see what the duration of the communication is, or if you can see timeouts there as well, matching what the IVE reports.
I have done that but I don't notice anything strange.
I don't think it's a communication problem because it works with any rules and users.
OK; thank you for checking.
Unfortunately, there is a timeout happening when connecting for some reason on the failing scenario. While that is happening, the group membership will fail.
How many users are in that group?
Is the user a member of many groups or just the one?
There are 3 users in that group and it works correctly with all the users until I add a rule for another group or user.
The users belong to several groups.
Info | AUT23457 | 2012-01-19 21:25:16 - MAG1 - [89.**********] C**********\vasco(Active Directory + Vasco OTP)[] - Login failed. Reason: NoRoles |
Info | AUT24326 | 2012-01-19 21:25:16 - MAG1 - [**********] **********\vasco(Active Directory + Vasco OTP)[] - Secondary authentication successful for **********\vasco/IDENTIKEY from 89.129.234.172 |
Info | AUT23278 | 2012-01-19 21:25:16 - MAG1 - [8**********] C********\vasco(Active Directory + Vasco OTP)[] - Password realm restrictions successfully passed for **********\vasco/Active Directory + Vasco OTP |
Info | AUT24326 | 2012-01-19 21:22:46 - MAG1 - [8**********] ***********\vasco(Active Directory + Vasco OTP)[] - Primary authentication successful for *********\vasco/Active Directory CyC from 89.129.234.172 |
I think this is my problem: http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB22403&cat=ssl_vpn&actp=LIST
I have installed version 7.1R5.
I have 2 Junipers ACTIVE/PASSIVE. The first one is working correctly but the second can't reach the AD (I think I have to open ports in the firewall). Maybe this is the reason this is happening??? I don't think so, because the main one is working OK with the AD.
THANKS
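The log lines quoted above show the pattern behind this thread: primary and secondary authentication both succeed, then the login is refused with NoRoles because the role mapping (here, the AD group lookup) did not complete. As an added example that is not from the thread or from Pulse Secure, the Python below parses that IVE/MAG event-log line format and flags exactly that sequence per user; the sample lines and the CORP domain and 203.0.113.x addresses are constructed stand-ins for the redacted values.

```python
import re
from collections import defaultdict

# Field layout of an IVE/MAG event-log line as quoted in the thread above.
LINE_RE = re.compile(
    r"^(?P<level>\w+) \| (?P<msgid>AUT\d+) \| (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
    r" - (?P<node>\S+) - \[(?P<src>[^\]]*)\] (?P<user>[^(]+)\((?P<realm>[^)]*)\)\[\]"
    r" - (?P<msg>.*?) \|$"
)

# Constructed sample (not the thread's real data): vasco passes primary and
# secondary authentication, then is refused for lack of a mapped role.
SAMPLE_LOG = r"""
Info | AUT24326 | 2012-01-19 21:22:46 - MAG1 - [203.0.113.10] CORP\vasco(Active Directory + Vasco OTP)[] - Primary authentication successful for CORP\vasco/Active Directory CyC from 203.0.113.10 |
Info | AUT23278 | 2012-01-19 21:25:16 - MAG1 - [203.0.113.10] CORP\vasco(Active Directory + Vasco OTP)[] - Password realm restrictions successfully passed for CORP\vasco/Active Directory + Vasco OTP |
Info | AUT24326 | 2012-01-19 21:25:16 - MAG1 - [203.0.113.10] CORP\vasco(Active Directory + Vasco OTP)[] - Secondary authentication successful for CORP\vasco/IDENTIKEY from 203.0.113.10 |
Info | AUT23457 | 2012-01-19 21:25:16 - MAG1 - [203.0.113.10] CORP\vasco(Active Directory + Vasco OTP)[] - Login failed. Reason: NoRoles |
Info | AUT24326 | 2012-01-19 21:30:00 - MAG1 - [203.0.113.11] CORP\alice(Active Directory + Vasco OTP)[] - Primary authentication successful for CORP\alice/Active Directory CyC from 203.0.113.11 |
""".strip()

def parse(text):
    """Return one dict of named fields per line that matches the log layout."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def find_norole_after_auth(events):
    """Report (timestamp, user, realm, source IP) for logins that passed both
    authentication stages and were still refused with NoRoles: that points at
    role mapping (e.g. the AD group lookup) rather than at the credentials."""
    state = defaultdict(lambda: {"primary": False, "secondary": False})
    findings = []
    for ev in events:
        key = (ev["user"].strip(), ev["realm"])
        msg = ev["msg"]
        if msg.startswith("Primary authentication successful"):
            state[key]["primary"] = True
        elif msg.startswith("Secondary authentication successful"):
            state[key]["secondary"] = True
        elif "Reason: NoRoles" in msg:
            s = state[key]
            if s["primary"] and s["secondary"]:
                findings.append((ev["ts"], key[0], key[1], ev["src"]))
            state.pop(key, None)  # the login attempt is over; reset for the user
    return findings
```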
The message is the same; but because you are on 7.1R5 my expectation is that the root cause is different.
Though, yes, if your secondary device cannot connect to the AD then there will be problems logging in, because the connection to the domain controller will fail.
I'll try to open the ports in the firewall tomorrow.
Yes, but the secondary device is not being used (PASSIVE).
I have to solve this error before Wednesday.
THANKS
OK; I thought that was noted as you were logging in directly to the second node for your testing and it is failing. Sorry for misunderstanding.
Can you send me the TCP dump and your server IPs through a private message to look at as well? I know you will be working with support tomorrow, but I would like to try and see if I can spot anything.
I don't think I can give you this information. Sorry.