Checking to see if anyone has had success in figuring this out. After enabling hostchecker on a realm, we're beginning to see this behavior on some Windows clients when logging in from the Web to the IVE. In what I've observed, if the Pulse client is closed, then the PSAL is able to launch the client and the L3 tunnel completes successfully. Until I log out of the PSA connection and attempt to log back in. However, if the connection is initiated directly from Pulse, the connection works every time - the issue only occurs if logging in via web browser that initiates the L3 connection with hostchecker enabled. Also of note, Windows Event Application log has an msiinstaller error coinciding with the failed login/connection attempt. The pair of messages is to the effect that the Pulse Secure Installer Service - Installation Failed, and "You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation." I've been able to reproduce this on test machines where I am the admin user, as well as testing on a non-domain endpoint with the same result. Just checking if there's any insight as I also work to open a ticket.
... View more
While Ansible does ordinarily use ssh for configuration management, it also can make use of REST api's to do config management - beginning with the generic uri module. There are a plethora of networking vendors that have built and publish Ansible modules for managing their devices via REST api - for example FortiOS - https://docs.ansible.com/ansible/latest/modules/fortios_vpn_ssl_settings_module.html#fortios-vpn-ssl-settings-module. Creating and publishing modules for managing PSA via the REST api is definitely something that Pulse should be looking at doing as well.
... View more