Reset Search



KB43600 - After installing January 3, 2018 Microsoft Patches, Pulse client connections fail when Host Checker is applied

« Go Back


Last Modified Date1/8/2018 8:12 PM
This article describes an issue where after installing Microsoft patches released with the Windows update on January 3, users are unable to launch a VPN tunnel using Pulse Desktop client when Host Checker is applied.

After installing the Microsoft patches from the Windows update released on January 3, KB4056892,KB4056891,KB4056890,KB4056888,KB4056893  on Windows 10 and KB4056898 on Windows 8.1, Pulse users are unable to launch a VPN tunnel using Pulse Desktop client when Host Checker is applied at realm or role level.

Microsoft patches that trigger the issue are listed below:
Windows 8.1 January 3, 2018—KB4056898
Windows 10 version 1709 January 3, 2018—KB4056892 (OS Build 16299.192)
Windows 10 version 1703January 3, 2018—KB4056891 (OS Build 15063.850)
Windows 10 version 1607January 3, 2018—KB4056890 (OS Build 14393.2007)
Win10 1511 LTSBJanuary 3, 2018—KB4056888 (OS Build 10586.1356)
Win10 1507 LTSBJanuary 3, 2018—KB4056893 (OS Build 10240.17738)

Note: Windows 7 is not impacted as Microsoft patch KB4056897 does not have the known issue with the "CoInitializeSecurity" call.

Microsoft update details for Windows 7 SP1 is listed below:

Windows 7 -
Problem or Goal
On Windows 10 clients with Microsoft Patch KB4056892,KB4056891,KB4056890,KB4056888,KB4056893 installed and Windows 8.1 with KB4056898 installed, Pulse Host Checker users experience the following issue:
  • When HC is applied at realm level, Pulse connection fails with following error:

Connection Error. Authentication rejected by server. (Error:1308)

User-added image
  • When HC is applied at role level, Pulse connection fails with following error:
Connection Error. You are not allowed to sign in. (Error:1329)
User-added image

After uninstalling the above-mentioned patches, the Pulse connection is established successfully with HC applied at the realm or role level.

This issue is caused by Microsoft Patches KB4056892,KB4056891,KB4056890,KB4056888,KB4056893 and KB4056898, as follows:  

Calling CoInitializeSecurity with the authentication parameter set to RPC_C_AUTHN_LEVEL_NONE resulted in the error STATUS_BAD_IMPERSONATION_LEVEL.Pulse Host Checker makes calls to the affected functions at runtime which results in the Pulse client failing to start the Host Checker plugin and produces the failure messages.  

The issue can be identified with the following string in the Pulse client-side debuglog.log: 

SYSTEM PulseSecureService.exe dsAccessService p0184 tCAC accessServiceApi.cpp:66 - 'AccessService' 
IRunningObjectTable::GetObject failed with code 0x80070005"

To verify this issue from the client-side Pulse logs:
  1. On the client PC, open the Pulse client and from the menu, select File > Logs > Log level and set to Detailed.
  2. Replicate the issue.
  3. From the Pulse client, save the Pulse logs by selecting File > Logs > Save As... and specifying a location.
  4. Extract the contents of then browse to the debuglog.log file from LogsAndDiagnostics\Logs\ProgramData.

The fix for this issue is in the following Pulse Secure Desktop client releases:
  • Pulse Secure Desktop Client-5.3R4.1 Software (Build 1183)
  • Pulse Secure Desktop Client-5.2R9.1 Software (Build 1161)

The above releases can be downloaded from Pulse Secure Licensing and Download Center.

The fix will be included in Pulse Secure Desktop Client-5.3R5 and above, 5.3R5 is tentatively scheduled for end of Q1 2018.

For details on downloading software, refer to KB40028 - [Customer Support Tools] How to download software / firmware for Pulse Secure products using the Licensing & Download Center at

Microsoft has recently released patches to fix this issue for below OS, we have confirmed that with these below patches applied, we need not upgrade to Pulse Secure Desktop Client-5.3R4.1 and Pulse Secure Desktop Client-5.2R9.1 to fix this issue on these OS.

Windows 10 1709 :
Windows 10 1703 :
Windows 10 1607 :
Windows 8.1         :

Note : Pulse Secure Desktop Client with the fix i.e 5.3R4.1 and above, 5.2R9.1 will not be impacted when Microsoft releases the patches with the fix.

Attachment 1 
Created BySha Hussian



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255