It appears any user who has selected the option to save settings when they initially connected and selected their personal certificate is getting their connection denied when that certificate is automatically renewed. It seems that instead of either a new prompt to select their certificate or the Pulse client just using the new renewed cert, they get the error "missing or invalid certificate". Does the desktop Pulse Connect really not have the ability to handle a certificate renewal gracefully, or have we missed some kind of configuration option?

The clients are all Win7 x64 Enterprise using a domain personal certificate as the second-factor authentication. Appliance is running 8.1R9 and the desktop clients are 5.2.3.537.

Having the user right-click on the connection profile and choose "forget saved settings" resolves the error, but that doesn't cut down on the number of support calls we're getting, which is basically every remote user so far as their certificate is renewed. If there isn't a way to have the client handle the renewal better, are there any instructions on how to deploy a GPO or something to instruct all clients to forget saved settings and block them from choosing that option?