Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PPS auth problems

gabriel24
Occasional Contributor
‎02-25-2019 01:10:AM
‎02-25-2019 01:10:AM

PPS auth problems

Hello all

 

We recently upgraded to pps 5.4R7(it's a mag6610, so it's the latest we can go) last Friday. At the begining there were no problems, but lately we see more users failing to authenticate althouth in the logs the user is accepted and all the correct attributes are returned. It maybe a coincidence that this happened after the upgrade and I need to exclude the possibility in order to look elsewhere. The only issue logged in radius is the message 

 

"Session Termination Attempt in response to Radius Disconnect Request for Auth Server 'INVALID' did not succeed, leading to a Disconnect-NAK. Reason: Invalid request."

 

There is no information I could find for this. Can anyone please give me any information regarding this message?

 

Labels:
0 Kudos
Reply
5 REPLIES 5
zanyterp
Moderator
Moderator
‎02-25-2019 10:01:AM
‎02-25-2019 10:01:AM

Re: PPS auth problems

What switch are you using? Did you change any of the CoA configuration when you upgraded?
I would recommend opening a case with our support team for further investigation
0 Kudos
Reply
cbrauckmiller
Frequent Contributor
‎02-25-2019 10:15:AM
‎02-25-2019 10:15:AM

Re: PPS auth problems

Adding to the previous comment:  you can use the TCP DUMP feature in PPS to see what data is hitting the wire between PPS and the switch.  We'd need to know if the switch is sending back an error or if PPS is the source of the error.  After auth, you will see the RADIUS Access-Accept and then a COA message going out to the switch.  If the switch NAKs the message, we'd need to know what the reported error in the TCP DUMP shows. 

 

Additionally, you can turn on the RADIUS diagnostics in PPS and collect our logs to see if they give more information as to the reason of the failure.

 

Thanks

 

Craig Brauckmiller

Pulse Secure

0 Kudos
Reply
gabriel24
Occasional Contributor
‎02-26-2019 12:45:AM
‎02-26-2019 12:45:AM

Re: PPS auth problems

The switches are juniper ex 4200 VCs. I haven't noticed the TCP DUMP funtion. I will use to trace the packets and hopefully find something more helpfull.

 

Thank you for your help.

0 Kudos
Reply
spuluka
Super Contributor
‎03-09-2019 04:29:AM
‎03-09-2019 04:29:AM

Re: PPS auth problems

tcp dump on the ex switches only has access to control plane traffic destined to local routing engine.

 

You would need to use a port mirror for the capture.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB10878

 

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home
Reply
zanyterp
Moderator
Moderator
‎03-11-2019 09:46:AM
‎03-11-2019 09:46:AM

Re: PPS auth problems

Thank you for the update & clarification, @spuluka
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.