PCS Machine or User Connection

SOLVED
tkrjukoff
Occasional Contributor

PCS Machine or User Connection

Hi

Posted related questions earlier in this forum regarding machine certificate authentication and then AD authentication. I have finally sorted out the CA and AD problems I've had, involving the CA in one domain and the client AD in another.

The machine certificate VPN kicks in as it should before client login. I used the PS server sign-in page for Machine-realm-role... to get it installed in the client. But when I log in to the AD (routed via the machine VPN), the second VPN (AD authenticated) doesn't kick in and the machine VPN stays up.

Do I need to sign in to the AD authentication sign-in page as well to get that VPN profile into my client? I can't find any documentation on how to proceed with this particular part.

In my Connection Set I have created a Connection that specifies the Machine Realm and Role Set and also the AD Realm and Role Set.


Cheers

Timo Krjukoff

1 ACCEPTED SOLUTION

Accepted Solutions
r@yElr3y
Moderator

Re: PCS Machine or User Connection

@tkrjukoff You need to have two realms mapped to the same sign-in URL, since there are two different types of auth used (Cert & AD), and provide the preferred realm for machine (Cert realm) and user (AD realm) authentication in the Pulse Client connection set, along with the identity set to use machine or user.

PCS Expert
Pulse Connect Secure Certified Expert


2 REPLIES 2
tkrjukoff
Occasional Contributor

Re: PCS Machine or User Connection

Hi.

I figured it out at last and got it working last week. The hard part with this has been the lack of "the whole picture" how-to-do examples; we had problems getting the private keys exported, which gave us headaches with PS not finding the machine certificate. Besides that, we're doing this with the CA in one AD domain and the client SW running in another over a mobile connection. None of us is an expert in either MS AD or DNS zone transfers or trusts.


Cheers

/timo