Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SoH & Windows Native Client

angel.hernandez_
Occasional Contributor
‎10-04-2013 09:44:PM
‎10-04-2013 09:44:PM

SoH & Windows Native Client

Hello,

I'm trying to get my Windows native clients work with SoH Checks...
I already have the SoH License for the IC6500.

I have created a Custom SoH Check and assigned it to a test role.
The configured Authentication Protocols I have (in order) are:
EAP-TTLS
EAP-TLS
EAP-PEAP

for EAP (in order)
EAP-SOH
EAP-JUAC
EAP-MS-CHAP-V2

In my windows 7 client machine I enabled the native supplicant and configured
EAP-MS-CHAPv2
Also, enabled the EAP enforcement client as stated in:
http://technet.microsoft.com/en-us/library/cc730643.aspx

But it all fails when I try to establish a connection.
The user authentication log shows:
"Host checking is not possible with this protocol"
The policy trace shows:
"Host checker restriction check failed for role SSH"

What am I missing?
Is this supposed to work with MS-CHAPv2 or how do I enable a different authentication protocol ?

I'm attaching a .docx file with several screen captures of the log and the trace policy screen

Thanks for your help!!
Angel

0 Kudos
4 REPLIES 4
apaul_
Regular Contributor
‎10-06-2013 11:14:PM
‎10-06-2013 11:14:PM

Re: SoH & Windows Native Client

Would it be possible for you to enable radius diagnostic logging and provide the logs after capturing the failure event.

Troubleshooting -->  Monitoring  --> RADIUS

0 Kudos
angel.hernandez_
Occasional Contributor
‎10-07-2013 08:39:AM
‎10-07-2013 08:39:AM

Re: SoH & Windows Native Client

Thanks for the reply

 

Here you go

Smiley Happy

0 Kudos
angel.hernandez_
Occasional Contributor
‎10-07-2013 09:24:AM
‎10-07-2013 09:24:AM

Re: SoH & Windows Native Client

I also, spotted this:

 

AUT24804 2013-10-04 19:34:38 - ic - [127.0.0.1CNBYV\userssh123(ActiveDirectory)[] - Host Checker policy 'SoH 1' failed on host '' address '60-eb-69-xx-xx-xx' for user 'CNBYV\userssh123' reason 'La IMV no ha recibido informaciÑn sobre esta conexiÑn.'.

 

"La IMV no ha recibido informaciÑn sobre esta conexiÑn" would be:

"IMV hasnÇt received information about this connection" 

 

Hope that helps 

0 Kudos
angel.hernandez_
Occasional Contributor
‎10-10-2013 11:36:AM
‎10-10-2013 11:36:AM

Re: SoH & Windows Native Client

Solved.

Thanks for Prateek from JTAC.

 

If you are running into the same issue:

 

Make sure you have ESAP updated on your IC. 

Try with different policies (not only antivirus or firewall). An issue could be you Windows communicating the state of a particular product (AVG, Avast, etc) to the IC (so try different products).

 

 

 

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.