Hi Ray, Thank you for the response. I think I had it incorrectly configured then, as I put the Certificate Server for the authentication on the sign in page policy. You are saying the sign-in should have the RADIUS server for authentication, correct? I'm trying this and now it is immediately failing authentication. it looks like it's trying to authenticate as host instead of prompting for credentials. At some point I had it configured so it was prompting for credentials, but if it failed (or I hit cancel), then the entire connection failed. I need it to be always connected via machine cert and then have the option of logging on interactively with user credentials, always falling back to the always on mode. I must be missing something somewhere.
... View more
Hello all, I have configured Pulse Secure Client to create an always on VPN connection using machine authentication which is working well enough. What I'd like to do is then have the end user be able to further authenticate using a RADIUS-backed authentication realm to be able to expand network access rights. I thought the option might be 'Enable pre-desktop login (Credential provider)' but that requires the Machine OR User authentication option and that then requires a user certificate which I don't have, nor want to use. Any ideas?
... View more