cancel
Showing results for 
Search instead for 
Did you mean: 

VPN Tunneling: IPv4 address cannot be allocated to user

Highlighted
New Contributor

VPN Tunneling: IPv4 address cannot be allocated to user

I'm installing the same Pulse Secure client on 30 computers in one domain. On some machines, no users can get an IP address with the error message: VPN Tunneling: IPv4 address cannot be allocated to user {domain}/{username}. Solution: Check IPv4 Address Pools / DHCP server state.

 

It's something about those particular machines because the same user can connect successfully on another machine. Also, the same user can connect successfully on that same machine but to a different Pulse Secure device in our office. 

 

There are plenty of IP addresses available in DHCP. All users and all machines are in the same OUs. Happens on older and relatively new machines, all running the same version of Windows 10.

 

We're dead in the water until we figure out why it's happening, seemingly randomly.

 

Versions 9.1R2 and 9.1R4.2 (build 5035)

Client versions 9.0.4 and 9.1.4

 

4 REPLIES 4
Highlighted
Moderator
Moderator

Re: VPN Tunneling: IPv4 address cannot be allocated to user

Do you restrict role assignment using Host checker policy?

How many user roles are being assigned to the users? one or many?

 

PCS Expert
Pulse Connect Secure Certified Expert
Highlighted
Occasional Contributor

Re: VPN Tunneling: IPv4 address cannot be allocated to user

Are you using DHCP server or static IP pools defined on the Pulse secure server?

 

If DHCP then the best way to troubleshoot is a tcpdump on the Pulse Secure internal interface for a working attempt and failed attempt of the same user. 

 

Workaround while you troubleshoot is to use the Pulse Secur static IP pools in the interim

Highlighted
New Contributor

Re: VPN Tunneling: IPv4 address cannot be allocated to user

We don't restrict role assignment, and it's one role.

Highlighted
New Contributor

Re: VPN Tunneling: IPv4 address cannot be allocated to user

We use a DHCP server, which also serves our MAG500 without issues. I'll have to figure out what you mean by "tcpdump on the Pulse Secure internal interface." 

 

We have since discovered that if you try to connect, wait until it cycles through, then cancel it and try again and again, eventually it connects. We now know that this happens on all computers to all users trying to connect to the PSA3000. There's something about this device that is misconfigured or it's a bug.