- Pulse Secure Community
- :
- About ssimartim
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
04-13-2020
13 hours ago
ssimartim
Occasional Contributor
13
Posts
4
Kudos
2
Solutions
Thursday
PCS Version is 9.1.R11.5 PDC access is not affected, only browser access. Ok, I'll open a case with Support. Many thanks
... View more
2 weeks ago
1 Kudo
Hi everybody! I’m wanting to create a new hostchecker policy that checks if certain software is executing on the PC when the vpn connection is requested. I created a hostchecker policy type “Custom Rule: Process”, in process name I specificated the process name and then added the md5 and sha256 checksums from the .exe file. I used the utility Get-FileHash of Windows Powershell to get the hashes. I've also used the tool provided in this KB Pulse Secure Article: KB16195 - How to create a MD5 checksum for Host Checker process checks. But the hostchecker fails, from the log the message is “Necessary process not found, or checksum does not match”. The issue is related with checksum. If I don't specificate the md5/sha256 checksums, the hostchecker pass. I’ve calculated the checksums in three different PC and it’s always the same. Anybody knows how pulse or hostchecker is doing the checksum o where I can find this value in log? Many thanks.
... View more
05-21-2021
04:05:AM
Hi, We aren't use chache cleaner policy. This error has happened on two different PCS platforms. Ok, we'll open case with support. Thanks
... View more
05-20-2021
05:54:AM
Hello team, I've few users that hostchecker fails with error "Server has not received any information for this policy". Access is through browser (Chrome and Edge Chrome) and OS is Windows 10. PCS server is 9.1R11.4 All componens (PSAL, hostchecker...) have been uninstalled and installed on users PC. All information that I've found is about MacOS, nothing Windows. What could be happenning? Thanks!
... View more
- Tags:
- host checker
Labels:
05-03-2021
11:52:PM
1 Kudo
Yes, it's possible. You need to configure a virtual desktop resource profile. Here you define ip:port of the vmware broker and the SSO, then the bookmark. Not much different to configure than an RDP resource profile. Yes, Vmware Horizon client is required on the remote laptop.
... View more
04-12-2021
01:19:AM
Hi, I've two different clusters (appliance model and virtualized) and I'm receiveng the same error when launching RDP bookmarks: "An unexpected error occured." then "Detected an internal error. Please retry. If the issue persists, contact your administrator". However HTML5 bookmars works. This error also happens when executing hostchecker, it fails.
... View more
02-05-2021
02:05:AM
Hi team, I’m trying the following configuration, ¿is it possible? I don't know if there is any incompatibilty. Always ON VPN + machine authentication + secondary user authentication (LDAP) Which I want is that our laptops establish the vpn connection during startup based on machine authentication (when the user haven’t login in windows yet). When the user logins in Windows, the vpn connection (created by machine) is replaced with a vpn based on user credentials. As these docs explain: https://docs.pulsesecure.net/WebHelp/PDC/9.0R1/Content/PDC_AdminGuide_9.0R1/Machine_and_User_Authentication_1.htm https://docs.pulsesecure.net/WebHelp/PDC/9.0R1/Content/PDC_AdminGuide_9.0R1/Pulse_Connection_is_Established_3.htm -> Figure 66 and Figure 68 I could not get it to work. Analyzing logs I can see the PSA checks the certificate, the primary authentication is successful, and then PSA try to validate user/pass, but the user hadn’t login yet, failling. The first VPN connection based only on machine authentication doesn’t establish. When the user logins in windows, then the VPN is established. 2021-02-03 14:10:06 - ive - [10.16.0.30] Default Network::user(REALM_XXX)[] - Login failed using auth server Local_auth_server (Local Authentication). Reason: Failed -->> For testing purposes I'm using local auth 2021-02-03 14:10:06 - ive - [10.16.0.30] Default Network::user(REALM_XXX)[] - Secondary authentication failed for host/host.dom/Local_auth_server from 10.16.0.30 2021-02-03 14:10:06 - ive - [10.16.0.30] Default Network::user(REALM_XXX)[] - Password realm restrictions successfully passed for user/REALM_XXX , with certificate 'Certificate' 2021-02-03 14:10:06 - ive - [10.16.0.30] Default Network::user(REALM_XXX)[] - Primary authentication successful for user/AUTHSERV_Cert_Ministerio from 10.16.0.30 Thanks
... View more
06-26-2020
02:28:AM
You can block it with a external firewall that uses regions/countries in the rules. But as @flipPipe said, a vm could be created in a cloud provider of your region and the connection won't be blocked.
... View more
06-26-2020
02:22:AM
Hello, My company is splitting in two (IT staff/resources won't change) so the connection url VPN must be adapted to something like this: vpn.company1.com vpn.company2.com I've read about configuring a virtual port to support the new hostname/certificate: https://docs.pulsesecure.net/WebHelp/Content/PCS/PCS_AdminGuide_8.2/Using%20Device%20Certificates.htm I could something like this: * external physical port -> associated with certificate vpn.company1.com * new external virtual port -> associated with certificate vpn.company2.com The trouble here is I need to purchase a new public IP and that's $$$. It's is possible to use a certificate with the two domains? For example, a certificate with: CN=vpn.company1.com Subject Alternative Name: DNS Name=vpn.company2.com And then associate this certificate to the external phisycal port. Thanks! :)
... View more
04-27-2020
11:47:PM
1 Kudo
Hi Ray, I made the tcpdump and observed the following message in RDP negotiation: RDP negotiation failure: server requires enhanced RDP security with CredSSP. Then I checked the bookmark section and realized that the checkbox "Network Level Authentication" was unmarked. I marked it and then it started to work. Thank you very much, the topic can be closed.
... View more
04-14-2020
09:28:AM
Hi, I don't see any events related to ACL. I get this from a trace: Start Policy [HOSTPORT/WINTERMSERV] evaluation for resource workstation.local:3389 Applying Policy [RP_WTS_My_PC]... Action [Allow access] is returned Policy [RP_WTS_My_PC] applies to resource In the user access log, I see that the connection is created: Connected to workstation.local port 3389 Closed connection to workstation.local port 3389 after 0 seconds, with 19 bytes read (in 1 chunks) and 47 bytes written (in 1 chunks) Login succeeded for User-test (session:5cdf523e) from a.b.c.d with Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36 Edg/81.0.416.53. Primary authentication successful for User-test from a.b.c.d I definitely have no idea why this happens.
... View more
04-13-2020
12:33:AM
Hello team, I've configured dynamic terminal services bookmarks as described in KB28693 but I'm not able to make it works. When the user logins the bookmark is created, but there is always error launching it: "An internal state error has occurred. The remote session will be disconnected. Your local computer might be low on memory. Close some programs, and then try connecting to the remote computer again." I'm using ldap attribute "otherIpPhone" as in KB28693... But now, if I change the ldap attribute to "ipPhone" or "facsimileTelephoneNumber", the bookmark works and the terminal session is launched... Also, I tried a html5 boookmark using "otherIpPhone" attribute and it also worked. So, the problem couldn't be the ldap attribute. What am I doing wrong? Could be a bug? (I'm running version 9.1R4). Thanks.
... View more
Labels:
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
