Reset Search
 

 

Article

KB40461 - Windows 10 secure sessions get disconnected due to Host Checker time out

« Go Back

Information

 
Last Modified Date3/15/2017 5:55 PM
Synopsis
This article provides the root cause and solution for an issue where Windows 10 users get disconnected due to a Host Checker time out.

 
Problem or Goal
If Host Checker is configured with an interval other than '0' Windows 10 users get disconnected at the second scheduled Host Checker interval due to Host Checker timing out and terminating the session.

This issue only affects Windows 10 users who login to a realm and/or get assigned a role where Host Checker is configured to check the compliance of the machine .


The User Access Log will show the following messages:
 
 
info - [47.23.45.130] - pulsesecure-test(LDAP)[PulseSecure-Test] - 2016/06/22 15:44:16 - System process detected a Host Checker time out on host 47.23.45.130  for user 'pulsesecure-test'  (last update at 2016-06-22 15.36.51 -0400 EDT).
info - System(LDAP)[] - 2016/06/22 15:44:16 - Session for user pulsesecure-test on host 47.23.45.130 has been terminated.
info - [47.23.45.130] - pulsesecure-test(LDAP)[PulseSecure-Test] - 2016/06/22 15:44:16 - Closed connection to APUser1 port 3389 after 420 seconds, with 8339827 bytes read (in 2972 chunks) and 31366 bytes written (in 246 chunks)

 
Cause
This issue was caused by a software defect where Host Checker failed to send the updated VPN session cookie data to the PCS server at the interval defined in the Endpoint Security settings.
VPN session cookies get exchanged between the client and server multiple times during the login process and then at the scheduled interval defined in the Endpoint Security settings.  
When the PCS server does not receive the updated cookie data from the client the server will detect this as a stale session and the session will be terminated.
 
Solution
This issue is fixed in the following releases:
PCS version 8.1R11 and up
PCS version 8.2R3 and up

Please go to https://my.pulsesecure.net to download software.

As a workaround, setting the Host Checker interval to '0' for the "Perform check every 'x' minutes" value will prevent sessions from being terminated.  (By setting the interval to '0' the endpoint compliance check will only be run at login and no further evaluations of the endpoint will be executed.)

User-added image

 
Related Links
Attachment 1 
Created ByUmesh Palla

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255