KB40109 - Pulse Secure Linux client fails to launch when enabled on a realm/role

This article describes the limitation of 8.1R7 version of Pulse Secure Linux client when Host checker is enabled.

When attempting to connect with Pulse Secure Linux client and host checker is enabled on the realm or role, you will see the following error message:

Host Checker set on realm:

20160211164036.543337 ncsvc[p3150.t3150] dsclient.info --> POST /dana-na/cc/ccup
date.cgi (authenticate.cpp:181)
20160211164036.561077 ncsvc[p3150.t3150] dsclient.info <-- 200  (authenticate.cp
p:213)
20160211164036.561108 ncsvc[p3150.t3150] dsclient.error state host checker faile
d, error 10 (dsclient.cpp:345)
20160211164036.561247 ncsvc[p3150.t3150] ncapp.error Failed to authenticate with
IVE. Error 10 (ncsvc.cpp:253)

Host Checker set on role:

20160211165447.271504 ncsvc[p3189.t3189] dsclient.error state post auth cache cl
eaner failed, error 10 (dsclient.cpp:417)
20160211165447.271636 ncsvc[p3189.t3189] ncapp.error Failed to authenticate with
IVE. Error 10 (ncsvc.cpp:253)

During the initial release of Pulse Secure Linux, Host checker functionality is not present in the 8.1R7 version of Pulse Secure Linux client. If a VPN connection is terminated by the PCS server, and Host checker is enabled on the PCS for the user role or realm, the user cannot connect.

To resolve this issue, please upgrade the Pulse Secure Linux to 8.2R2 and above.  For more information, please refer to the 8.2R2 release notes.

Workaround:

If upgrading the Pulse Secure Linux client is not possible, this limitation can be mitigated either by disabling Host Checker on the user role/realm or by creating a new realm and role without Host checker enabled specifically only for command line Linux users.