thanks for replying I'll check my events log to see.  ... View more

Hmm if it says that McAfee Viruscan 15.6.245 does not comply with policy. Check the auth policies for host checker for that realm.   1. log into box 2. under "users" tab click on "user realm" 3. choose the realm that your having an issue with and click on the realm under the "authentication realm' column 4. click on the "authentication policy " tab 5. then click "host checker" 6. this should show you what host checker polices are being enforced. 7. then look at the "authentication tab" and click "endpoint security" 8. Scroll down and then investigate how the policy for McAfee was configured.  9. If the virus definitions are different bam you have your answer.    btw is this the only machine that it's happening on and is it happending only on one profile or many user profiles? ... View more

Hey Twinkie,   You always have an option to roll back.  Maintenance-->System-->Platform-->Rollback button   My suggestion is to backup your config first  Maintenance--> import/export--> configuration, user, xml tabs   also as a rule of thumb I never update to the latest firmware revision always at least 1 or 2 iderations behind.    Fyi we currently have  SA6500 SA4000  SA2500 in our enviroment with the highest rev on the boxes at 7.1.R2   hope that helps.  ... View more

Ok so I finally figured out the problem and it had nothing to do with the pass through proxy. I decieded to start from scratch, so I deleted the bookmark link, web acl's and pass through proxy settings for the password managment server that we were using on the IVE for that particular external user Role. I added the bookmark back in the role and created a web resource policy for the password server to allow access to all resources. In the Web Application Resource Profile, I noticed that the "auto single sign-on" options were enabled for NTLM so out of curiosity, I changed the option to allow auto policy to auth through kerberos and retested. Bamm it worked! Apparently NTLM auth allowed users to log in but somewhere in the backend they were using Kerberos to auth back to the front end. That explained why users could log in to the password mangement ui but when they were trying to go to other places on the server they were presented with the 404 message. Also it explained why the server was so slow when it was being queried. thank you guys for replying to my thread and at least giving me options to look at I appreciate it. ... View more

@JayLaiz: Ended up using burp suite to filter the http proxy logs and the redirected url is not different from the backend URL. I took out the pass through proxy option because it kept breaking my link so as we speak the Link on the role is just through a web acl to the password server. When you say publish via rewriter do you mean going to web options on the role and checking "Rewrite file://url" option? I'm not sure I'm understanding your question. @zanyterp: I don't manage the password server, so I'm not sure if rewrite is even enabled on the server. I can check with admin of the server and get back to you. I'm assuming it does because in the logs when hit the web page it does redirect to the different pages within the web page index. ... View more

thanks Kevin for the Speedy reply. ... View more

Don't know if this helps but, I had a similar incident happen to me for two orginizations that I've worked for. What I found out was in my scenario, the antivirus on the machine was not allowing host checker to execute from the temp folder once it was installed. Once I turned off that feature in McCafee I was able to install host checker with no issues? This of course was for a windows machine. Hope that helps. ... View more

[cid:[email protected]][cid:[email protected]] ... View more

Greetings Osman, I've had the same issue with NC for users on WiFi, I don't know exactly where the issue resides but if they are using WiFi at home best bet is to have them connect physically with a cable. Generally this solved most of my problems, I did not troubleshoot it further as if I don't have enough to do hahaha. take care hope that helps. ... View more

Greetings John, I went to my Resource Policies Network Connection profile as you instructed and the transport mode is set to ESP udp port 4500. My question would be if I were to change it to oNCP/NCP and use tcp/443 would the transistion be seamless meaning will the users notice much of a difference. In addition, I don't maintain the firewall for our enterprise so how would I got about checking if UDP port 4500 is open on both sides without a current user session? ... View more

I figured it out and thought I'd update this page so that if someone else stumbles upon it they get the complete thread. Long story short, the problem had to do with a task in McAfee called "Access Protection" in the virus command console. Apparently it would block the HC and NC from installng from the temp file. I simply disabled it and installed HC and NC and reinabled it as it is pushed out on our network via sms. ... View more

Greetings, JintsFan I did try installing via firefox and on two other workstations and labtops. All machines are using Windows XP service pack 2 and higher with IE 6.0 or Mozilla 5.0 Whats interesting is that when I download the exe from the installer in the Juniper Admin console and install it on the local machine the same error comes up "Network error occured" After some thought and experimentation, I went ito the program files and connected network connect only, then I opened up IE and connected with no problems. Though this is a work around, I'm still plauged with the problem of why network connect and host checker will not install automatically? ... View more

Thanks Kevin this worked like a charm ... View more

Thanks Kevin for the information. The only question I really have is once this rule is created do I just add it to the existing authentication policy in the user authentication realm? ... View more

Geek, thanks so much for the help. I'll have to test this option out on a test laptop and update this thread. ... View more

I figured out what I was doing wrong thanks guys for your help. The origional network connect policy which was configured for *.* or all resources, was interfering with my newly created policy that allowed users to access a scope of ip addresses. I created a deny all policy just below that so that the intial network connect policy would not interfere with the new created policy. Then I assigned it to the newly created role and put the policy as the first in the order of presedence and viola it worked. Message Edited by dtlam76 on 02-24-2009 09:42 AM ... View more