- Pulse Secure Community
- :
- About DHayes_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
DHayes_
Contributor
21
Posts
0
Kudos
0
Solutions
04-24-2013
12:59:PM
I'm running into this same error. This only occurs when the machine has had the Pulse client installed previously and then signs into the site to get it re-installed. I haven't run into this issue with a machine that has never had it installed before. If I manually install from the downloadable package the installation works fine. If anyone has any insight I would appreciate it.
... View more
05-02-2012
09:05:AM
We used the user-agent string as well for restricting access and had Production issues because of this change. Does anybody know if this was covered in the release notes?
... View more
09-01-2011
06:57:AM
Thanks for the advice zanyterp. I'll see if I can get this tested and let you know how it works. Thanks again!
... View more
09-01-2011
06:51:AM
So authenticating with the certificate is not required in order to use it later in role restrictions? That would be perfect if that was the case. Do you know if I could test this with a self-signed cert? I know this is not the correct way to do it but I don't want to have to buy a client cert before I know this will work. Thanks, Derek
... View more
09-01-2011
06:37:AM
I'm trying to accomplish the same thing. I'm wondering if a client certificate can be used as a secondary authentication and then used in role restrictions to allow/deny certain access? i'd like to be able to use one URL for Corporate and non-Corporate iPad users. The secondary auth will not be a requirement to login but be used later for role restrictions. Does anyone have any experience with this? Thanks, Derek
... View more
04-11-2011
05:54:AM
I had the same thought but when I tried that it didn't work. The only way to make it work was to add the domain controllers to the list of allowed logon workstations.
... View more
04-04-2011
06:28:AM
Thanks for the information. I guess I'll be using AD auth for this realm because of the logon workstation restrictions. Thanks again!
... View more
03-29-2011
03:25:PM
A few weeks ago I switched our authentication method from AD to LDAP and everything for the most part has been working without any issues. Today a user tried signing-in and was denied access because of an unexpected AD error code. The complete error reads as follows. Bind failed to user DN "CN=XXX,OU=XXX,OU=XXX,DC=test,DC=net" AD code=1329: Unexpected AD error code After looking into error code 1329, I found that it's related to the Logon Workstations restriction. This particular user is only allowed to logon to a few machines. My question is why is LDAP treated differently than AD auth? Is this expected behavior or is this a problem between the IVE and domain controllers? If I remove the logon workstations restrictions, then the LDAP auth works just fine. Is the AD auth doing something different that allows the login as opposed to LDAP? I don't want to add the domain controllers to the list of workstations that this user can logon to. Any suggestions? Thanks!
... View more
09-09-2010
06:19:AM
We're currently using Terminal Services to access Windows 7 desktops without any issues using SSO. I am authenticating users with AD so I use <USER> instead of <USERNAME>. This variable includes the domain name along with the username.
... View more
08-10-2010
01:37:PM
Has anyone found a good solution for transferring device certificates from one SA to another? Here's my situation. We have two SA6000 devices running in an active/passive cluster for production and one SA6000 running as a standalone in our DR location. If we ever have a disaster I'll want my users to be able to go to the same URL to gain access which means I'll need the production device certificate on the DR device. I can't use the system.cfg to import the certificate because this will overwrite my existing certificates. Does anyone have any suggestions?
... View more
07-23-2008
01:38:PM
Hey Brian, has Juniper resolved your case yet? I'm still working with them on my case but they haven't come up with a solution yet. If you've had any luck I'd be willing to try whatever you did to fix it. Thanks!
... View more
07-22-2008
07:02:PM
We currently access our Citrix 4.5 farm through our SA 6000 active/passive cluster with 6.0R5. We recently upgraded from 5.5R2.1 without any issues. What is your configuration? Are you using JSAM to tunnel the traffic? If you can post more details about your configuration that would be helpful. Regards
... View more
07-15-2008
06:57:AM
I have also seen weird issues like this after doing an upgrade. I have an SA6000 active/passive cluster that I recently upgraded to 6.0R5 from 5.5R2.1. After the upgrade the primary unit jumped to 20% CPU utilization and the throughput on the internal interface jumped to 12mb steady. I had to remove the unit from the cluster and reboot to resolve the issue. In an upgrade previous to this one I had memory utilization issues and I followed the same steps to resolve the issue. It seems like there is a bug in the upgrade process when you're dealing with a cluster. I have never experienced these issues when working with a standalone unit.
... View more
07-14-2008
03:16:PM
I have experienced similiar issues when I upgraded our SA6000 active/passive cluster to 6.0R5. I found that by disabling the Replay Protection option in the Network Connect Connection Profile that I was able to connect and stay connected with ESP. I currently have a case open with Juniper but no progress yet.
... View more
06-19-2008
11:40:AM
I've had a case open with JTAC for a couple of weeks and I have not heard much back. Today they requested a complete policy trace when using OWA so I sent that to them. I figured this would require an OS patch to resolve. I'll post more when I hear back from JTAC.
... View more
06-19-2008
09:39:AM
Our company is in the process of switching from Exchange 2003 to 2007. We currently use OWA 2003 through an active/passive cluster of SA6000 appliances and are not having any issues. I recently upgraded our test SA2000 appliance to 6.0R5 to support OWA 2007 and configured a resource profile. Everything works as far as accessing OWA but there is one anomaly that is bugging me. When a user opens an email from OWA and the email opens in a new window, the SSL login screen briefly appears and then the message appears. My concern is that someone on a slower link will see this and then try to enter their credentials again. Is anyone else experiencing this same issue? I currently have a case open with Juniper but they aren't sure why this is happening. If you use OWA Light the problem does not exist. It would be nice to hear that I'm not the only one having this issue.
... View more
05-12-2008
08:40:AM
Another way to do it is by way of start script. I use taskkill to end the iexplore.exe process after Network Connect has established the connection. The start script also does a couple of other things as well and has worked well. The start script settings are located in the role under Network Connect options.
... View more
03-28-2008
09:10:AM
I knew there had to be some scenarios for it's use but couldn't think of any until your post. Thanks for the feedback!
... View more
03-26-2008
03:01:PM
Can anyone explain the scenarios in which you would use the proxy config for the Network Connect Connection Profile? We use a wpad.dat file for the proxy configuration on all users systems. This is configured in IE for each computer (Use automatic configuration script). In this configuration is the Network Connect proxy needed and if so why?
... View more
03-26-2008
11:41:AM
We've been doing this for years with a session start script. After Network Connect makes a connection, the script is downloaded to the client and then ran. The script then closes all IE browser instances and does a few other things. This has worked well in our environment of roughly 300 users. The session start script configuration is located in the Roles Network Connect options. Hope this helps. Derek
... View more
03-26-2008
10:58:AM
I'm having an issue with my Network Connect configuration when using ESP instead NCP/oNCP. If I enable Replay Protection the connection establishes using ESP but a couple of minutes later it fails back to NCP/oNCP. If I don't use Replay Protection I don't have the problem. I currently running 6.0R5 on an SA2000 box. The NCService.log is showing errors about the keep alive failing for the tunnel and then shows it switching to NCP mode. Before the keep alive error there are 30 or so errors similar to this one: ipsec: packet 1 behind the window 793/FFFFFFFF, ignored ipsec: Error decrypting packet I haven't opened a case with Juniper support yet and was wondering if anyone else has run into this problem. It works as long as I don't use Replay Protection and I'm wondering why this would cause the problem.
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
