Discussion on this thread is incomplete, since it requires admin access to the VPN server for checking the logs and packet flows.    Please log a support ticket with Pulse Secure TAC if you're the admin or request you administrator to do so. :)  ... View more

Hi Jon,   Both logs are showing the host checker compliance results (pass for both users). Any other messages got generated for the failed users?   Thanks, Ray. ... View more

Yes.. It was documented in this KB, KB44000 - After installing Pulse Desktop Client 9.0RX (macOS) and above, network speed begin to decrease slowly over time when not connected to a VPN tunnel. ... View more

Hi Jon,   Primary authentication failed is a generic error message   [1319] Short-desc = Authentication rejected by server. Long-desc = Try the operation again. If the problem persists, contact your network administrator.   which could be caused by any of these reason(s),   1) Communication issue between the VPN and AD - No network connectivity. 2) Incorrect credentials are used during login. 3) A very rare possibility of AD services malfunction.   Do you see any auth server unreachable messages got generated under the Event logs during that time period? or any events related to AD authentication?   Thanks, Ray. ... View more

Hi Madhu, WSAM is only supported for Windows machines, for Mac machines we have to use JSAM (Java SAM). Please enable JSAM for the user role or request your administrator to do the changes. Please install JRE and JDK packages on the Mac machines for using JSAM without any issues. Hope this helps. Thanks, Ray. ... View more

Hi @tony.f   As @zanyterp rightly pointed out, do you have a route on the AWS cloud to point all traffic destined to 192.168.1.0/24 (VPN IP pool) will be forwarded to 10.100.100.1 or whatever the internal port IP address of the VPN appliance?   If there is no such route, that would lead to reverse route issue i.e. client is able to reach the destination servers through VPN server's default gateway, however the destination servers are not able to reach its way back to client.   Ideally the traffic flow will be like,   Client sends a DNS query to 8.8.8.8    Client (192.168.1.10) >> VPN server tunnel interface (10.200.200.200) >> Makes routing decision based on destination address (8.8.8.8) >> Sends the traffic to it's internal port default gateway >> Several hops / NAT / PAT (Internet) >> Reaches 8.8.8.8 DNS server.   8.8.8.8 sends the DNS response to client   DNS response reaches the VPN server's default gateway >> Checks it's routing table >> if a valid route is present stating that any traffic destined to 192.168.1.0/24 network will be forwarded to VPN server internal port IP address >> VPN server internal port recieves the return traffic >> forwards it back to client IP address.   Thanks, Ray.   ... View more

@Squeaky, To make the IKEv2 connection to work on the iOS, we should fulfil the below list: --- You got the authentication, profile and basic settings in place, I believe. --- VPN identity Certificate chain should be complete and trusted by public CA. --- Certificate should have a SAN name which should be matching with IKEv2 profile in the iOS. --- Connection profiles should have ESP transport policy set any available SHA suites. --- You should use FQDN of the VPN server in the iOS IKEv2 profile. What is the behavior that you're experiencing when you're connecting to IKEv2. If you take a TCP dump on the external port while attempting, are you see the UDP-500 and UDP-4500 packets reaching the VPN?? ... View more

Thanks for the info. WSAM with latest windows 10 version 1809 will not work (bug). Please try Pulse client and use the same VPN URL to connect, this flavour is called PSAM, will work without any inconsistencies. :) ... View more

As per the KB43717, if the mentioned conditions are met with yours, you can try to implement the "Workaround" part.   Workaround: If all conditions apply, Pulse Secure recommends to take the following actions: Uninstall the Pulse client Apply the workaround provided in Microsoft support article 4098563. The  workaround will completely block the reliability tool from running. To do this, run the following commands: takeown /f "C:\Program Files\rempl" /r /d y icacls "C:\Program Files\rempl" /grant administrators:F /t /q icacls "C:\Program Files\rempl" /deny system:F /t /q Reinstall the Pulse client ... View more

Are you using Pulse Client Layer-3 VPN tunnel or Application tunnel using WSAM? ... View more

Trying using Pulse Client to connect to the VPN server. Once you got successfully connected, the Pulse Client will act as Pulse SAM (PSAM) and behaves just like WSAM.   To check, open the pulse client >> right click on the VPN connection >> advanced connection details >> check if shows the transport type as WSAM. ... View more

Hi @PaulieP,   Yes, you have enable logging using msiexec switch commands.   Use this syntax: msiexec /i <msi file path> /l*vx <log file path>   Note: "/l" the keyword here is lowercase L.   For eg: <msi file path> - C:\PulseSecure.msi & <log file path> - C:\msilog.txt. ... View more

@GordonD, Issue might be related to NLA, any chance you happen to know what is the NLA status on the backend machine and on the VPN server?   Normally, internal state error message will be disaplayed if the NLA is not enabled on the VPN server but it is enabled on the remote machine which you're RDPing into. ... View more

Sounds like a bug! Please try using 5.3R7 Pulse Client and notice the behavior. ... View more

@ivarss @mcarrick Glad to hear that. :) ... View more

Hi Paul,   What do you see in the MSI install logs?   Check for return value 3 (fatal error) and backtrace to the cause. ... View more

Hi @ktlesko,   Can you please try to install 5.3R7 Pulse Client and check the behavior. Kextfirewall plugin is not present in 5.3R7 version, hence Mac should not crash.   Thanks, Ray. ... View more

Hmm. Ok. PCS is able to connect to the internet without any issues, however the client is not able to.   What is the VPN tunnelling IP subnet? Is it in the same subnet as the internal port IP address of the VPN server?   For example, if the VPN tunneling IP address leased out the client is 192.168.1.10 and the internal port IP of the VPN server was configured as 192.168.1.100/255.255.255.0, then they are in the same subnet.   If they are in the different subnet, can try assigning an IP address to the client from the same subnet as the internal port IP address of the VPN server?   Thanks, Ray. ... View more

Please try installing 5.3R7 Pulse Client which is compatible with Mac Mojave and it does not have  PulseSecureFirewall.kext plugin. ... View more

No worries..@tony.f Check your PM inbox. ... View more

Check this thread which was discussed at the Apple community.   PulseSecure crashes macOS 10.13.5 https://discussions.apple.com/thread/8440595 ... View more

Hmm... I know there has been enhancements made to the TOTP instances in 9.0R3 upgrade.   TOTP Enhancements: This feature provides the following enhancements to the existing TOTP Server implementation. o End-users will now have only one TOTP account to maintain, regardless of the number of auth. servers configured in PCS. Admins can now configure one PCS to contact another PCS for validating TOTP Secrets, thereby eliminating the need to sync the TOTP secrets across multiple devices. Admins can now export the TOTP user accounts from a TOTP Auth. Server Users Page and import onto to desired PCS devices. Admins can now automate the export of TOTP user accounts from one PCS and import onto another PCS through REST API.   May be there is an issue with that, not sure... Create a case with Pulse Secure TAC for investigation. ... View more

1. While signing up with pulse one cloud, you will be asked to enter your cloud instance hostname. If you enter pulsecloud as the instance name, then the url will be pulsecloud.pulseone.net. Use /admin at the end to get to the admin's web UI.   2. Normally, you will be using your business email (which you used during the sign-up process) and I believe after activating the instance by verifying your email address, you'll be asked to setup a password to login. ... View more

Hi @semix,   Can you please elaborate the requirement?     ... View more

Please open a support ticket with Pulse Secure TAC to start the investigation. ... View more

Review this KB article: KB43833 - Slow download speeds over Wifi after installing Pulse Desktop client on Windows 10 Redstone 3 and up https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43833. ... View more