Reset Search
 

 

Article

KB41036 - Dual authentication failing with Pulse Secure Desktop client 5.3R3 and 5.2R9 with the error message “Connection Error Authentication failure. ( Error:1309 )”

« Go Back

Information

 
Last Modified Date11/7/2017 6:39 PM
Synopsis
This article describes an issue where dual authentication failing after Pulse Secure Desktop client is upgraded to 5.3R3 and 5.2R9 with the error message “Connection Error Authentication failure. (Error:1309)”.
Problem or Goal
After upgrading the Pulse Secure Desktop client to 5.3R3 or 5.2R9, end users connects to a Pulse Connect Secure (PCS) device configured with dual authentication may see the following error message:
​Connection Error

Authentication failure. (Error:1309)

User-added image
Cause
This issue occurs due to a software bug in the Pulse Secure Desktop client version 5.3R3 and 5.2R9.

This is a generic error message that may result due to a variety of reasons This issue is applicable when all below conditions are met:
  • The user realm is configured with either Certificate or Active Directory as primary authentication and secondary authentication with LDAP, Radius, or System Local.
  • The secondary authentication is configured with the option "predefined as <USER>".
  • Pulse Desktop Client (MacOS and Windows) version  is upgraded to 5.3R3 or 5.2R9.
  • If the pulse client debuglog contains the following message stating the username field is empty. The debuglog is located in the pulse Secure Desktop log file in the path ( LogsAndDiagnostics.zip\Logs\ProgramData\debuglog.log ).For more information about collecting Pulse Secure Desktop Client logs for Windows and MAC OS, refer to KB17327 - How to collect the log file from Pulse Secure Desktop client?
        
00213,09 2017/10/25 09:47:55.895 3 bwalker002 PulseTray Pulse p0864 t403 DialogManager.cpp:321 - 
'JamUI' Prompt request kPromptTypeUsernamePassword, Connection='wc', Index=(ive:3c510b879fed4fccb0d13bed6154e28b), 
xid = 31
00131,09 2017/10/25 09:48:03.562 4 root dsAccessService eapService p0051 t690B JNPRClient.cpp:3514 - 
'eapService' Username is empty failed

Solution
Pulse Secure has identified the root cause of this issue. We apologize for the inconvenience this issue may have caused and will further investigate how to prevent these issues from occurring in the future. The fix will be in Pulse client 5.3R4 tentative ETA end of Dec 2017. Please continue to monitor the following article for the latest information on the issue and fix.

Workaround:

  • End users may log-in using the web browser.  The issue only impacts users when Pulse Secure Desktop client is used directly.
  • Have configuration in User REALM to have the secondary username set to "specified by user on sign-in page" rather than pre-defining as the variable <USER>.

        Note : With this option selected, the users needs to enter their username during the secondary authentication prompt shown. 

User-added image

 
  • Continue to use Pulse client 5.3R2 or 5.2R8.
Related Links
Attachment 1 
Created ByLokesh T K

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255