Reset Search
 

 

Article

KB40445 - Host Checker compliance failure with remediation message "No Rules Are Configured For the Mac (or Windows) Platform"

« Go Back

Information

 
Last Modified Date3/11/2017 1:22 AM
Synopsis
This article provides the steps to resolve Host Checker compliance failures for Windows and Mac platforms where Host Checker reports that "No Rules Are Configured for the Mac (or Windows) Platform".
Problem or Goal

When a Windows user signs in to a realm with Host Checker enabled on it, they see the following HC message, even though the endpoint they are signing in from is in compliance:


User-added image

A Mac user signing into the same sign-in URL with Mac Host Checker policies enabled on it would see the same message except that the "Reason" portion of the message would indicate that No rules are configured for the Windows platform.

This issue occurs under the following conditions:
  • Two or more realms are assigned to the same Sign-In URL.
  • One or more Host Checker policies are evaluated and/or evaluated and enforced on two or more of the realms.
  • Some realms have Windows Host Checker policies configured on them and others have Mac Host Checker policies configure on them.
  • A mix of Windows and Mac HC policies co-exist under the same Sign-In URL.

The User Access log will display the following message for a Mac user who is signing into the realm with the HC policy "Mac_hc" applied to it and one of the other realms using the same sign-in URL has the "Windows_HC" policy applied to it:
 
InfoAUT229252017-03-01 13:47:11 - ive - [172.20.16.60Default Network::System()[] - Host Checker policy 'Windows_HC' failed on host 172.20.16.60 . Reason: 'No rules are configured for the Mac platform.'.
InfoAUT229232017-03-01 13:47:11 - ive - [172.20.16.60Default Network::System()[] - Host Checker policy 'Mac_hc' passed on host 172.20.16.60 .
Cause
This issue occurs because all of the Host Checker policies for all of the realms are being applied to the endpoint because they are all using the same sign-in URL.
Solution
To resolve this issue:
  1. Create separate sign-in URL's for Windows and Mac access and apply all realms with Windows HC policies to the Windows realms and all realms with Mac HC policies to the Mac realms.
OR
  1. Leave the configuration in place and use "User Agent String" authentication policies to prevent Mac access to Windows realms and vice versa.  This way, HC policies from realms other than the user needs access to will not be enforced during the sign-in process.
To configure User-agent policies:
  1. Go to User Realms > <realmName> > Authentication Policy > Browser.
  2. For Windows realms in the User-agent string pattern field enter *windows*.
  3. The option to "Allow" will be selected by default.
  4. Click "Add".
  5. Now select the Radio button to "Only allow users matching the following User-Agency policy."  
  6. Click Save Changes. (Note: After clicking "Save Changes" make sure the radio button is set properly as per step 5.  If not, the policy will not get enforced.)
  7. Configure a User-Agency policy on all of the realms that share the same sign-in URL.
  8. For Mac realms enter *macintosh* as the User-Agent string pattern.
  9. For Linux realms enter *linux* as the User-Agent string pattern.

Example of a User-Agent policy on a Windows realm allowing only Windows users:

User-added image

Example of a User-Agent policy on a Mac realm allowing only Mac users:

User-added image

Example of a User-Agent policy on a Linux realm allowing only Linux users:

User-added image



 

 
 ​
 

Related Links
Attachment 1 
Created ByEduardo Mendoza

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255