
The question regarding Host Checker.

Occasional Contributor

Hello, this is Keigo.

I have questions regarding Host Checker on Pulse Secure Desktop Client.

 

1. If the realm level check and role level check are valid on Host Checker, does HC check the endpoint three times? (①Primary Authentication ②Realm Check ③Role Check)

2. Are there 2 types of Host Checker on Pulse Secure Desktop Client?

(①Built-in Host Checker ②Host Checker in Pulse Secure Desktop Client)

3. If No. 2 is correct, what is the difference between the Built-in HC and the HC in PSC?

Does anybody know?

Moderator

@Keigo 1) realm level HC check happens before authentication and role level HC check happens after authentication. If both are enabled, compliance will be checked two times before you get connected.

 

2) Two types of HC components, one is agentless HC (standalone HC component which gets installed through browser session) and another one is agent-based HC (this is the HC plugin present inside the PDC).


PDC HC is a plugin (C:\Program Files (x86)\Common Files\Pulse Secure\TNC Client Plugin\HostCheckerService.dll) whose context was created by the Pulse Secure Service EXE, however, the agentless HC is a separate application (dshostchecker.exe)

 

Operation-wise, both are similar to get the job done.

PCS Expert
Pulse Connect Secure Certified Expert
Occasional Contributor

Thanks for the reply, r@yElr3y.

1) When I connect to the VPN using the Web portal, is the following flow correct? (I am setting up PW and ID authentication and a Host Checker which checks the registry key.)

(When I use the VPN, I enter the URL in Internet Explorer.)

 

①User accesses the sign-in page (enters the URL in IE)

②User signs in using PW and ID

③Realm level check happens on the agentless HC

④Authentication

⑤Pulse Secure Client starts up

⑥Role level check on the agent-based HC

⑦VPN connects

 

2) I am facing trouble with PSC.

When I connect to the VPN through the Web Portal, the following logs appear on the MAG and sometimes I can't connect.

 

①Primary Authentication successful for ~~

②Host Checker policy "~~~" passed on host ~~~

③Login succeeded for ~~~ ~~~Realm

④Session resumed from user agent "Pulse-Secure/9.1.8.3143(windows)~~~

⑤VPN Tunneling: Session started for user with IPv4 address ~~~

⑥User with IP ~~~ connected with SSL transport mode.

⑦Host Checker policy "~~~~" failed on host ~~~ address ~~ user ~~ reason "~~~~"

⑧Active user "~~" in realm "~~~" is deleted since user does not qualify reevaluated policies.

⑨VPN Tunneling: session ended for user with IPv4 address ~~~

⑩Closed connection to ~~ after 2 seconds, with 0 bytes read and 0 bytes written.

 

I am setting the same policy on the realm level and role level checks.

Why can't I pass the second Host Check, and what is the second check?

I am setting realm and role Host Check, and Dynamic policy evaluation isn't valid.

 

I look forward to hearing from you soon.
Yours sincerely,
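
The gateway log sequence quoted in the post above (policy passes at login, then fails once the tunnel is up and the user is deleted) can be pulled out of a large log export automatically. The following is an added example, not part of the original thread or of any Pulse Secure tooling; the `HH:MM:SS` prefix, the function name and all sample values are assumptions, and only the message wording follows the post.

```python
import re
from datetime import datetime

# Constructed sample: message wording follows the sequence quoted in the post;
# the timestamp prefix and every user, host, policy and reason value are made up.
SAMPLE_LOG = '''\
10:00:01 Primary authentication successful for alice/Users from 198.51.100.7
10:00:02 Host Checker policy "RegKeyPolicy" passed on host 198.51.100.7
10:00:02 Login succeeded for alice/Users from 198.51.100.7
10:00:05 VPN Tunneling: Session started for user with IPv4 address 10.0.0.15
10:00:06 Host Checker policy "RegKeyPolicy" failed on host 198.51.100.7 address 00-00-5E-00-53-01 user alice reason "Registry key not found"
10:00:06 Active user "alice" in realm "Users" is deleted since user does not qualify reevaluated policies.
10:00:07 VPN Tunneling: Session ended for user with IPv4 address 10.0.0.15
10:01:00 Host Checker policy "RegKeyPolicy" passed on host 198.51.100.9
'''

HC_EVENT = re.compile(
    r'^(?P<ts>\d\d:\d\d:\d\d) Host Checker policy "(?P<policy>[^"]+)" '
    r'(?P<result>passed|failed) on host (?P<host>\S+)'
    r'(?:.*reason "(?P<reason>[^"]*)")?')
DROPPED = "does not qualify reevaluated policies"

def find_pass_then_fail(log_text):
    """Report each policy/host pair that passed and then failed later."""
    last_pass, findings = {}, []
    for line in log_text.splitlines():
        if DROPPED in line and findings:
            # Simplification: attribute the drop to the most recent failure.
            findings[-1]["session_dropped"] = True
            continue
        m = HC_EVENT.match(line)
        if not m:
            continue
        key = (m["policy"], m["host"])
        ts = datetime.strptime(m["ts"], "%H:%M:%S")
        if m["result"] == "passed":
            last_pass[key] = ts
        elif key in last_pass:
            gap = int((ts - last_pass.pop(key)).total_seconds())
            findings.append({"policy": key[0], "host": key[1], "reason": m["reason"],
                             "seconds_after_pass": gap, "session_dropped": False})
    return findings

if __name__ == "__main__":
    for finding in find_pass_then_fail(SAMPLE_LOG):
        print(finding)
```

The `reason` field of each finding is the string to compare against the Host Checker rule definition, and a short `seconds_after_pass` shows that the same policy was evaluated twice within one login.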

 

 

Moderator

@Keigo 

When you log in from IE and start the Pulse Client, the role level host check will happen after authentication, i.e. before you start the Pulse client, and it should connect with the help of the DSID cookie transferred from the web session.

 

Do you have Dynamic Policy Re-eval on the user realm or on the host checker rule (monitor this rule for change)?

What do you see in the Pulse client debuglogs for the registry check?

 

 

Occasional Contributor

r@yElr3y

Thank you for the reply.

I don't have Dynamic Policy Re-eval on the user realm and role on the host checker rule.

I saw the log, but I couldn't find where it is written about Host Checker.

The debug log is huge, so how can I find the log entries about Host Checker?