- Pulse Secure Community
- :
- About wotsit_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
wotsit_
Occasional Contributor
10
Posts
0
Kudos
0
Solutions
06-14-2011
12:50:AM
The issue is as per the latter scenario, i.e. all users are on a single Citrix session. However, surely the behaviour should be the same as through a single NAT IP address, or am I missing something? Thanks
... View more
06-13-2011
07:50:AM
HI I am hoping this is an easy question to answer!! Simply, we have a number of users that access the SA and use Network Connect but all from the same source IP address. When the first users accesses the SA they sign in as expected, and can work as normal once NC launches. Any subsequant users that access the SA do not need to sign in at all, and as soon as the first user logs off, all the users are logged off - both of these scenarios are quite an issue!! Is there any means of resolving this at all so that each user is forced to log in, and they do not interact with each others session? Thanks
... View more
08-25-2009
08:17:AM
Dean, how are you delivering the Citrix apps, are you using J-SAM, W-SAM, CTS or some other method? There is a seeting under Roles>[role name]>Session Options lablelled Idle timeout application activity however I do not know if this is relevant in this instance. If you are deivering via J-SAM you should be able to see the byte counters increase as activity occurs within the Citrix environment
... View more
08-25-2009
08:13:AM
net_sec, if you are directing users to a Citrix Web Interface page once singned in to the Juniper, then you should be able to configure a form post to allow SSO to the Citrix environment - one thing I would check is that the Juniper is sending <USERNAME> and not <USER>. A good starting guide is https://download.juniper.net/software/ive/docs/supplemental/how-to/How_To_Remote_SSO_for_Citrix_Nfuse.pdf
... View more
08-25-2009
08:01:AM
I do believe that if the AD is set to lock out after 3 incorrect login attempts, then this will still be enforced via the Juniper access. Therefore if a users attempts to log in via Juniper incorrectly 3 times, then you should see the account be locked out in AD.
... View more
08-18-2009
09:56:AM
There is no specific way to add a VNC session inline like you can with RDP. You will have to set up a WSAM connection and configure the various VNC servers/hosts as allowed connections on TCP 5900 I believe
... View more
08-18-2009
09:52:AM
If the upload session is managed by a SAM then the data transfer should count towards the idle timeout, and as such, the session should not time out for being idle - however if the max session length is reaced then this will be enforced. What is your idle session set to under the relevant role? One other thing that may be worth looking at is the Idle Timeout Application Activity option under RoleName>General>Session Options I think.
... View more
04-28-2009
11:02:AM
We have just configured our 6.4r1 OS using a Active Directory/Windows NT auth server. This has been running fine for a few weeks now and allowing users to authenticate against the AD based on group lookups. However today the SA's were rebooted and since the reboot users are unable to log in. Tracing the issue it appears that the computer location being requested/sent by Junipers is incorrect. Our computers are stored in CN=computers, dc=company,dc=domain,dc=com (as an example!) On a TCPDump the Juniper is trying to access OU=CN=computers, dc=company,dc=domain,dc=com, which of course is invalid, and being rejected by the AD. If I remove the CN= from CN=computers, then Juniper requests ou=computers, dc=company,dc=domain,dc=com - basically it is sticking the ou= on the front of the syntax. Any ideas? Production: Clustered SA6500-FIPS running 6.5r2 Development: Single SA2000 running 7.1r1
... View more
04-28-2009
10:24:AM
This may be a long shot, but a long time ago I had a similar issue and the issue was with the format of the SSO credentials. I think by default the user crendential is defined as <USER>, changing it to <USERNAME> worked in my instance. Message Edited by wotsit on 04-28-2009 10:24 AM
... View more
04-28-2009
10:21:AM
Users connecting to the VIP should only be passed to the active node in the cluster. It does sound as though some users have bookmared the IP address of the passive node and as such are hitting it. Is there any infomration from the log files what IP address the handful of users are coming from? May be you could identify them from that and then ask themto use the VIP. The only other option would be if the DNS name has not been updated properly, or users are pointing to a name that still directs to the Passive nodes IP.
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
