I have a number of users that are experiencing the same issue...after Hostchecker initiates on the client...they do NOT get a fail message, but get to the SSL VPN login screen but the Realm dropdown (I have 3 Realms configured) is missing and when they put in their username and password, they are denied because they are not signing into the proper Realm.
Has anyone else experienced this?
I have recently upgraded to release 6.5R3.1 and ESAP v1.5.9 on a SA4500 box with Hostchecker Policy enabled at the Realm level for Windows users.
Do all three realms have host Checker Restrictions? And are you evaluating host Checker policies of Enforcing them at realm level?
I'm not sure of the issue you are running into however assuming only 2 of the 3 realms associated with that sign-in URL's have a HC policy enforced at realm level, then if the HC policy fails and *if* no remediation actions for the HC policy are configured then user will automatically be taken to the sign in page and will login into realm 3. However if any remediation action is configured then user should be taken to the Remediation page.