- Pulse Secure Community
- :
- About angel.hernandez_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
angel.hernandez
Occasional Contributor
15
Posts
0
Kudos
0
Solutions
11-12-2013
04:58:PM
I'm trying to configure auto remediation for AVG Free Antivirus 2012.x Kaspersky for Windows Workstation 6.x I already configured auto remediation for windows Firewall and Windows Auto Update setting and both of them are working correctly. It's just Antivirus which is not working. IC detects when my client doesn't comply but can't enable the protection or start a virus scan. One of the several things I already tried is enabling "Wired autoconfig" and "Network Access Protection Agent" services. Using command line I set: "netsh nap client enforcement ID = 79623 ADMIN = "ENABLE" Verifying the status with: "netsh nap client show state" I get "A third party antivirus program is not enabled. Windows cannot enable the antivirus product automatically. An Administrator must enable the antivirus product manually" Any ideas? Regards Angel
... View more
10-10-2013
11:36:AM
Solved. Thanks for Prateek from JTAC. If you are running into the same issue: Make sure you have ESAP updated on your IC. Try with different policies (not only antivirus or firewall). An issue could be you Windows communicating the state of a particular product (AVG, Avast, etc) to the IC (so try different products).
... View more
10-07-2013
09:24:AM
I also, spotted this: AUT24804 2013-10-04 19:34:38 - ic - [127.0.0.1] CNBYV\userssh123(ActiveDirectory)[] - Host Checker policy 'SoH 1' failed on host '' address '60-eb-69-xx-xx-xx' for user 'CNBYV\userssh123' reason 'La IMV no ha recibido informaciÑn sobre esta conexiÑn.'. "La IMV no ha recibido informaciÑn sobre esta conexiÑn" would be: "IMV hasnÇt received information about this connection" Hope that helps
... View more
10-04-2013
09:44:PM
Hello, I'm trying to get my Windows native clients work with SoH Checks... I already have the SoH License for the IC6500. I have created a Custom SoH Check and assigned it to a test role. The configured Authentication Protocols I have (in order) are: EAP-TTLS EAP-TLS EAP-PEAP for EAP (in order) EAP-SOH EAP-JUAC EAP-MS-CHAP-V2 In my windows 7 client machine I enabled the native supplicant and configured EAP-MS-CHAPv2 Also, enabled the EAP enforcement client as stated in: http://technet.microsoft.com/en-us/library/cc730643.aspx But it all fails when I try to establish a connection. The user authentication log shows: "Host checking is not possible with this protocol" The policy trace shows: "Host checker restriction check failed for role SSH" What am I missing? Is this supposed to work with MS-CHAPv2 or how do I enable a different authentication protocol ? I'm attaching a .docx file with several screen captures of the log and the trace policy screen Thanks for your help!! Angel
... View more
09-10-2013
10:38:AM
Hello, I am working on a 802.1X authentication scenario. I have: IC6500 (4R4), Microsoft AD 2008R2, Juniper EX Switch and Windows 7 Client I have created several users ang groups in the AD and mapped them into the IC6500. 802.1X is enabled on several ports of the EX. I also enabled Windows native 802.1X authentication service, so I am not using OAC. The problem is: At the login screen, once I type user/password I get the following error message: "there are currently no logon servers available to service the logon request" I have tried with several test accounts and several scenarios. Scenario 1. 802.1X disabled at the EX. account: test1 -> I can log into the domain Scenario 2. 802.1X enabled at the EX. account test2 -> I can not log into the domain Scenario 3. 802.1X enabled at the EX. account test1 (same as first scenario) -> I can log into the domain So it looks like windows is caching the account info and using it for login. Of course it doesnÇt work if the account has not been previously used. Any idea? Regards
... View more
09-04-2013
12:10:PM
Hello everyone, I am currently working on a proof of concept but I'm unsure whether the IC6500 can "understand" SoH from Windows machines without a client (odyssey, pulse). I am trying to recognize and re mediate computers that doesn't comply with a policy (patch version, antivirus, running programs) but don't want to install a client software. Is it possible? I've seen the SoH/NAP License for IC6500 but haven't found literature about it. (would I need a NAP server?) Regards Angel
... View more
09-04-2013
11:56:AM
Thanks everyone for your responses. We have tried adding the following license: IC 6500 with 35000 simultaneous endpoints, 16 week license (IC6500-EVAL-16W) After which, we can now create External servers for authentication. Cheers
... View more
03-20-2012
05:12:PM
Sorry about the delay in this update... Turns out I was trying to add an AD 2008 R2 as an authentication server, several things I've learned since then... one of them is you can't do that... at least not without the new IC realese (coming soon) scheduled for end of March 2012. I finally add the underlying LDAP server as an authentication server, I still have all the benefits including the role mapping rules. Noticed that I have to follow your recommendetions (time synch, admin account) even for the LDAP. Tricky part was to set the right filters and DN strings. Regards and thanks for your help.
... View more
03-07-2012
08:32:AM
Thanks for your replies !!! I'll try your recommendations this afternoon and get back to you. Thanks again :D
... View more
03-06-2012
07:45:PM
Hi everyone, I'm trying to add an AD authentication server in a IC6500 4.1R6 I'm getting: Error while joining domain CNBYV. Possible causes: - The specified administrator credentials do not properly authenticate. - The specified domain or domain controller may not be valid. Also, the device's clock must be in sync with the Active Directory server. and I now my AD account works because I just added a PC to the domain... Any ideas? Thanks
... View more
02-27-2012
06:59:PM
Hi Raaven, Thanks for your reply. Yes, I was able to create 2 different radius clients with the same ip address. Also, I noticed that the problem was my ip phone(NEC)... It didn't have EAPoL enabled. Right after enabling it the solution was working just fine. :) Thanks again!!
... View more
02-24-2012
11:39:AM
Hi everyone, I'm having an issue configuring a Pulse Access control. What I'm aiming for: An IP phone (802.1X disabled) is connected to a EX switch, MAC authenticated and assigned to VLAN 600. A PC (Odyssey client) connects to the PC port on the phone, the IC authenticates using 802.1X and assigns to vlan 400. What I have: I created a MAC Address Realm and linked to a MAC Phone role and Auth Server. IP Phone can login correctly, I also created a Local Authentication Server containing a user. I have 2 different location groups each to a different Radius Client (same IP though) a single sing-in policy for users (802.1X) and a User Realm linked to his User Role. When I plug the PC to a 802.1X enabled port, the IC tries to authenticate it trough the MAC Location Group. How can I make the IC differentiate between MAC and 802.1X authentication clients?
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
