Reset Search
 

 

Article

KB28732 - [PPS/MAG-PCS, Pulse Secure Desktop Client] Upgrading ESAP in an L2 authentication environment

« Go Back

Information

 
Last Modified Date8/1/2015 2:07 PM
Synopsis

This article describes how to upgrade the Endpoint Security Assessment Plug-In (ESAP) in an L2 authentication (802.1x) environment.

Problem or Goal

The ESAP package library on a client machine (Pulse Secure Desktop Client or OAC) will not upgrade in an L2 authentication (802.1x) environment even if the ESAP package was already upgraded on the PPS appliance.

From client logs, you may see the following outputs:

00177,09 2014/01/03 10:42:02.281 3 xxx OdTray.exe odTray p1416 t1594 OdTrayWindow.cpp:567 - 'odTray' OD_CONNECT_STATUS (detailed) - L2_DISCONNECTED L2_AUTHENTICATION_FAILED

00152,09 2014/01/03 10:44:30.633 1 xxx  jTnccService.exe OpswatIMC p1512 tCAC opssdk.cpp:603 - 'OpsSDK::downloadFile' unable to download file UnifiedSDK.zip.

Cause

The client-side ESAP package upgrade requires L3 connectivity to the PPS appliance. If the L2 authentication network (with 802.1x) is configured with no open port for the PPS appliance, the client is unable to obtain an IP address when L2 authentication fails. If the remediation VLAN is unable to reach the PPS appliance via L3, the HostChecker module cannot download the ESAP package from the UAC appliance. Thus, the client ESAP libraries cannot upgrade.

This is by design.

Solution

To avoid this situation, use one of the workarounds listed below:

  1. Switch ESAP check enforcement to evaluation only. It will then accept authentication and assign full network access, which will enable the client to communicate with the PPS appliance. After a periodical check is run, the ESAP library can be upgraded. After the library is upgraded, you can switch the HostChecker option back to enforcement.
 
  • Create a remediation VLAN to access the PPS appliance via L3 access without authentication.
 

Note:

  • Run the installer with admin credentials.
  • You must add arguments as /oac or /Pulse Secure Desktop Client (accordingly) to run the installer and update the files.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255