The debuglog is not in detailed mode, so a lot of info are lost. Your issue could be related to the tcp keep-alive packets. Can you run a wireshark capture on your physical adapter while connected in VPN and search for the tcp keep-alive packets between your computer and the VPN concentrator IP? ... View more

Hi Filippo,   what you are seeing is a known issue: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB45227/ Do you use LDAP(s) or AD for the user auth?     ... View more

@zanyterp  @pwallace  hey guys, I really don't understand why inside the community, you don't offer a download portal for the end-users. The Windows ARM users suffered for a long time because it wasn't supported and now that is supported and a PDC version is available seems that no one is getting it from their IT team. What a shame.   ... View more

The ARM msi is: ps-pulse-win-9.1r14.0-b13525-ARM64bit-installer.msi, you tried the x64, that's why it failed. Not sure if I'm allowed to post an link to external resources. Do you have an account on my.pulsesecure.net or can you ask the ps-pulse-win-9.1r14.0-b13525-ARM64bit-installer.msi installer to your admin? ... View more

The 9.1r14 introduced the ARM version for Windows. Did you tried it? https://help.ivanti.com/ps/help/en_US/PDC/9.1R14/spg/arm64featurelist.htm ... View more

Does Intune Autopilot let you log the installation? I believe that under the hood, msiexec is used. If so try to log the installation using /l*v <path to log> parameter. Between your lab setup and the enviornment where the issue is faced what does change? The AV? Based upon AV settings, the drivers installation could be blocked. ... View more

which version did you installed? 9.1r9 and onwards is installed under /opt/pulsescure Under /opt/pulsescure/bin, you can find the pulselauncher binary: pulselauncher [-U signinUrl] [-r realm] [-l role] [-c cert] [-u username] [-p password] ... View more

Yes, you can integrate the authentication between PCS and FAC using RADIUS. Keep in mind that you have to configure a radius rule in order to be able to use the 2FA. https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB22557/   As a very general advice, the strength of PCS compared to the SSLVPN offered by the firewall itself is that is a dedicated VPN solution so it has more options. ... View more

Well, in my case using Advanced HTML5 RDP and Windows 2019 everything is working properly. What clicking on "Your position" does, is opening "Run" and executing \\tsclient\Cloud Storage\ Try to do the same manually. Also in your case maybe there is some local GPO on the Windows server that prevents you to map the tsclient share. ... View more

Once connected, if you click inside the HTML5 RDP connection you should be able to see 3 icons appearing: a cloud icon, an "i", icon and a vetical bar icon. By clicking on the cloud icon you are able to share the files between your client and the remote desktop. On the remote desktop you should see a network disk as "Cloud storge on <your name>" if not, just click on the cloud icon and then on "Your position" in the upper left corner. ... View more

After you upgrade to 9.1r11.5 you have to remove the xml file applied previously. In the download area of my.pulsesecure.net you can find the ps-pcs-sa-44800-remove-workaround-2105.xml file that needs to be imported in order to can use again the file browser feature.   Check the kb for all the details: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/ ... View more

The message "The server configuration requires the application to be pre-installed on your machine." makes me think that probably the "Enable web installation and automatic upgrade of Pulse Secure clients" option is disabled on the server side and you don't have preinstalled the Pulse Secure Client before you tried to connect. Do you have the Pulse Secure Client installed? If not you need to install it first and then try again. If you don't have the installer of Pulse Secure Client get in touch with your admin ... View more

you can try via PowerShell: Remove-Item -Path "HKCU:\SOFTWARE\Pulse Secure\Pulse\User Data\" -Recurse This command will delete the saved credentials for all the connections. Please be aware that is not something officially supported by Pulse Secure, so use it with caution. ... View more

The issue is caused by the User-Agent, and how the SAML auth is handled. When you use SAML, the authentication is done through browser and after that the session cookie is transferred to the PDC. During the first authentication you will see: Login succeeded for "user/realm" from <ip-addr> with Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko. and then: Agent login succeeded for "user/realm" (session:xxxxxxx) from <ip-addr> with Pulse-Secure/9.x.x.xxx (Windows 10) Pulse/9.x.x.xxxx.   That's not causing any warning, but when you have to extend the session, as you said you have to authenticate again while still having an active session. When you perform the re-authentication for extend the session, the PCS already has an active session with a different User-Agent, hence the warning. When using the AD you don't see any warning because the User-Agent is only one. I don't see any solution for this issue. Well.. a sort of solution could be enable more than 1 user session at realm level... ... View more

The logs can be found under “~/.pulse_secure/pulse/pulsesvc.log” You can try to give it a look Your admin should be able to help you figured it out, also the PCS side logs could be also helpful. I think the best option would be ask your admin to provide you the lastest Pulse Secure Client which is 9.1r10 There was a major change between 9.1r5 and 9.1r10 https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44618/ ... View more

Typically admins aren't bad guys who wants to steal your data... anyway.... If you don't trust the .deb file that you received, you can download the installer directly from the "VPN server itself" https://<your vpn fqdn>/dana-na/jam/getComponent.cgi?command=get;component=PulseSecure;platform=deb64 Beside this or download it from my.pulsesecure.net, there is no other way to download the .deb installer... Just for your peace of mind... in the download section of my.pulsesecure.net for the package that you indicated the following hash are posted: MD5 Signature: 8c7f3273a7ee688db65a9f51e2aa46b6 SHA2 Signature: d339acf4d9afe0859a837827df056dca7d9efe24188d0c37c5fed7b33bf0e118   The "Unacceptable TLS certificate" is displayed if either the SSL certificate is not trusted by your linux or if the PCS is not sending the entire certificate chain.     ... View more

Well, you told that you opened a case with MS. Have you asked them if they support DHCP Option 118? If DHCP Option 118 is not supported by the DHCP server you are not able to accomplish what you want.   Have you checked this KB? https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB22611/ "Configure DHCP Option 118 if it is supported by your DHCP server, however, keep in mind that this option will not work with a Microsoft DHCP server, as Microsoft does not currently implement this RFC." ... View more

What PCS version do you use? Please check this KB: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44412/ ... View more

If I'm not wrong, for ARM cpu in this moment you can only use the Pulse Secure App available on Windows Store. It is a "light" version of Pulse Secure Desktop Client, so, not all the features are available, but you can give it a try to see if it is suitable for your environment. ... View more

Hi, it is a know issue: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44347/   You can apply one of the  workaround explained in the KB, or wait for a fixed client.   ... View more

Hi, The prompt "The server configuration requires the application to be pre-installed on your machine" appears when you click start on "pulse secure" button via browser?   Do you have the Pulse Secure Desktop Client installed on you pc?   This message tipically appears when the administrator doesn't flag the option "Enable web installation and automatic upgrade of Pulse Secure clients" and the pc doesn't have preinstalled the Pulse Secure Desktop Client.   Pulse Secure Application Launcher is used only to lunch Pulse Secure Desktop Client but it is not the client that allows you to connect. ... View more

Well... the group membership  role map is done accordly to the "User Directory/Attribute" server. By default if you select as primary authentication server an AD server "User Directory/Attribute" is set as "same as above". Since you are using as primary authentication DUO you need to add to your configuration a LDAP server and set it as "User Directory/Attribute" server ... View more

If you have more realm on same sign-in page and one of the realms has the Host Checker set to enforce, than the normal behaviour is to run the Host Checker before you even can insert your credentials / select the realm because the HC enforced at realm level is done before authentication ... View more

Hello, If your PCS version is 9.0r1 or above and you are using Split-Tunneling configuration you should consider this KB: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43846   ... View more

Well.... if your company use a Public CA then the issue should be related to the fact that your administrator doesn't  has imported the Intermediate CA to the PSA This mean that when you connect to your server fqdn, the server doesn't give you the entire certificate chain.   We can check this by using the openssl. openssl s_client -connect <your_fqdn>:443   Can you post the result?     ... View more

Ok, from what you are telling it seems that you company use a self-sign or a certificate siged by a private CA   If the certificate is sigend by a private CA you should follow the steps 5 to 8 of this KB in order to import the CA to your linux machine https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40278 ... View more