how is your split tunneling rule configured? do you have an ACL for all the internal sites? ... View more

from a technical perspective, it should be working using wired or wireless connections from a corp-managed perspective, it is possible it was disabled for some reason (or you have found a new way for it to fail) i would suggest opening a case with our support team for further investigation ... View more

You do not need to use a cluster unless you are looking for sharing configuration data (which can be done through Pulse One as well). It looks like you should be fine to have each node connected to the license server individually and set the reserve to 0 with a maximum of 5000 for both. ... View more

Thank you; how is testing without 2FA looking? If it is still failing, we can try to plan something to look at this over video chat via messaging. ... View more

Thank you for the update and opening a ticket with support. if you are using both certificate & AD, that looks like the AD component is failing ... View more

I can confirm that it cannot be removed; it is part of the Pulse client installation. ... View more

are they using the same connection set/store as other systems? does the connstore.dat show the option to allow users to add connections? ... View more

If you look at control panel, are you seeing the Pulse Setup client installed? ... View more

Do other AV softwares work successfully? It appears you have identified an issue with Host Checker; as @Ray indicated, please open a case with the support team for tracking the failure with OPSWAT ... View more

this sounds like correct behavior please open a case with support for further information ... View more

i think the only time i have seen that when compatibility mode enabled please open a case with support ... View more

lockdown & always on VPN configuration if you need further clarification, please open a case with support ... View more

that is not something we have seen; however, having another VPN up and running, especially a utun, would not surprise me to trigger this i will try to get an openVPN server up and running to test this specific scenario as well ... View more

Have you defined only the specific EKU that you want used? I believe that sounds fine; however, without seeing the log I cannot confirm As mentioned by @Ray, please open a case for confirmation ... View more

TCP dump on the client & physical port the user is connecting against check the client log to see if you can see a disconnect message ... View more

Thank you for letting us know that we missed updating the admin guide The change was intentional to make it more intuitive to apply to both activating the new ESAP as well as updating the ESAP version to be used on the client; apologies that this backfired. ... View more

I would recommend you reach out to your account team to let the product managers know about this. alternately, you can open a case with the support team to have a trackable item ... View more

how many servers do you have in your server farm? i agree that it looks to be an issue with either replication between domain controllers or communication between the PCS & AD. ... View more

login to the desktop is failing? that is not something we have seen or heard ... View more

I do not think that is a use case or option that has been presented to the product team; I would definitely recommend asking your account team to talk to PLM about adding this as a feature to optionally do an attribute check between authentications. At this time, the flow is designed to do the following: - check if the user exists with proper credential on the primary authentication server - check if the user exists with proper credential on the secondary authentication server - check attributes (authorization) received from both authentication servers against the values defined for role mapping - assign roles, or reject login, based on what was determined during the authorization stage ... View more

No ... View more

That does not sound like something we have seen/heard of yet. Can you upgrade to a newer version? ... View more

Do you know if the system is configured for L3 access? What does the user access log show? ... View more

What is the router fronting the system? Does the router show the packets going through to the PCS? Does the PCS show the packets being received? Do other clients connect successfully? ... View more

What type of connection are you using (L3/VPN, L4/SAM, web rewrite)? If you have an L4 (WSAM) connection and try to connect to a protected resource using MS Edge, that will fail. ... View more

The specifics are OPSWAT IP; but the antivirus being checked is _probably_ the DAT. But even that might be wrong if the virus definition file is stored in something other than the DAT. There is a query from Host Checker to the AV and there is a response on what version of the antivirus database is installed ... View more

Please confirm what version you are using. This sounds like something that is fixed by 8.3R7 and 9.0R3 ... View more

Thank you for the further information, @tony.f yes, if your PCS is in the AWS cloud, i do not believe split tunneling disabled can be used (i know that is a limitation of azure and am guessing it is the same for AWS). i have not heard/seen where it disconnects the adapter in either scenario, though. i would recommend opening a case with support for further investigation @Ray, thank you for the detailed write up ... View more

Do you have the Pulse application in your system tray that you can use to launch from instead of relying on Edge? Is the SAP logon through Edge or another browser/application? If it is through Edge, WSAM cannot tunnel the traffic and an L3 tunnel will be needed ... View more

1: Yes, RADIUS cannot be used to validate certificates. You need to upload the CA chain of your issuer to confirm what machine certificates you want to trust against 2: If you have configured OCSP or CRL checking _and_ you have enforcement enabled, the user will not be allowed to login. If you do not have OCSP or CRL checking enabled, or enforced, they will be allowed to login ... View more