Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

certificate based machine authentication

koos147
Occasional Visitor
‎03-27-2020 06:42:AM
‎03-27-2020 06:42:AM

certificate based machine authentication

Good day,

 

we currently have a simple setup.

User logs in to theire desktop start the pulse client and manualy connect.

This works fine for users that work a day from home.

but it gives some issue's when users work from home all the time.

so we want a pre-login connection

in a test lab i enabled the pre-desktop login. wich works but it makes the login much slower.

 

A better solution would be to use the machine account.

best solution would be

1. computer boots and connect to the network

2. Pulse connect with a restricted connection to a read only domain controller

3. user login / get new groups / gets user gpo's

3. user account takes over the pulse connection and get full access.

 

however when i try to use a machine connection 

Info	AUT24327	2020-03-27 14:24:05 - ive - [**ip**] **domain**\computer1$(Machine)[] - Primary authentication failed for **domain**\computer1$/**domain**from **ip**
Info	AUT30923	2020-03-27 14:24:05 - ive - [**ip**] host/computer1.**domain**.local(Machine)[] - Active Directory authentication server '**domain**' : Received NTSTATUS code 'STATUS_WRONG_PASSWORD' .

the authentication service **domain** is Active directory

i also tried to use the device certificate (provided by our local certificate store) but i don't understand how i can add this as authentication service.

there is an option for certificates but as far as i understand it this is a local pulse hosted certificate store?

 

any help would be appriciated.

Kind regards

Mark

0 Kudos
1 REPLY 1
r@yElr3y
Moderator
Moderator
‎03-27-2020 04:55:PM
‎03-27-2020 04:55:PM

Re: certificate based machine authentication

Hi @koos147,

 

Machine tunnel using machine authtentication will not work in latest version of Windows due to encrypted LSAs which can be done using a registry hack (not recommended by MS).

 

If you have a machine certificate installed on the user computers, then all you need is to create an cert server auth instance on the VPN server by navigating to Authentication >> Auth servers >> Choose Certifcate server from the drop down >> Add >> Modify the parameters, if need >> Save changes.

 

Obtain a copy of the CA certificate and upload it under Configuration >> Certificates >> Trusted client CA.

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.