Reset Search
 

 

Article

KB28908 - DHCP server is offering an IP address for a VPN Tunneling connection (Network Connect or Pulse Secure client) that is already assigned to another user

« Go Back

Information

 
Last Modified Date3/23/2017 3:50 PM
Synopsis
This article explains why Network Connect fails to connect and reports nc.windows.app.23790 error messages when the IP address offered to the PCS device by the DHCP server is already in use by another VPN Tunneling client user session.

 

Problem or Goal
Network Connect fails to connect and reports nc.windows.app.23790 error messages when the IP address offered to the PCS device by the DHCP server is already in use by another VPN Tunneling client user session. Users report that they intermittently encounter nc.windows.app.23790 error messages when they attempt to connect with Network Connect. Sometimes, many attempts in a row fail until the users are able to connect. Pulse Secure Desktop users also encounter the error messages when Network Connect fails to connect.
Cause
The DHCP server determines which IP address to offer:
  • the same as a previously-assigned IP address for another user, or
  • a new IP.

The DHCP server must use a unique identifier to track the assigned IPs. If the DHCP server uses an identifier that is not unique, it can incorrectly determine that the request is for an existing user session and offer the same IP address that is in use. The PCS device generates a Client MAC address field in the DHCP request, but this address is not always unique, so the DHCP server should use the Client-Identifier field rather than the Client MAC field as a unique identifier.

According to RFC 2131 ("Dynamic Host Configuration Protocol"), each client identifier must be unique:

DHCP defines a new 'client identifier' option that is used to pass an explicit client identifier to a DHCP server. This change eliminates the overloading of the 'chaddr' field in BOOTP messages, where 'chaddr' is used both as a hardware address for transmission of BOOTP reply messages and as a client identifier. The 'client identifier' is an opaque key, not to be interpreted by the server; for example, the 'client identifier' may contain a hardware address, identical to the contents of the 'chaddr' field, or it may contain another type of identifier, such as a DNS name. The 'client identifier' chosen by a DHCP client MUST be unique to that client within the subnet to which the client is attached. If the client uses a 'client identifier' in one message, it MUST use that same identifier in all subsequent messages, to ensure that all servers correctly identify the client.

Solution
The PCS device sets DHCP Option 61 Client-Identifier to a unique value that represents the user's session internally. If the DHCP server uses this value to track IP address assignments, it will not mistake a new DHCP request for an existing session.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255