Reset Search



KB40461 - Windows 10 secure sessions get disconnected due to Host Checker time out

« Go Back


Last Modified Date3/15/2017 5:55 PM
This article provides the root cause and solution for an issue where Windows 10 users get disconnected due to a Host Checker time out.

Problem or Goal
If Host Checker is configured with an interval other than '0' Windows 10 users get disconnected at the second scheduled Host Checker interval due to Host Checker timing out and terminating the session.

This issue only affects Windows 10 users who login to a realm and/or get assigned a role where Host Checker is configured to check the compliance of the machine .

The User Access Log will show the following messages:
info - [] - pulsesecure-test(LDAP)[PulseSecure-Test] - 2016/06/22 15:44:16 - System process detected a Host Checker 
time out on host  for user 'pulsesecure-test'  (last update at 2016-06-22 15.36.51 -0400 EDT).
info - System(LDAP)[] - 2016/06/22 15:44:16 - Session for user pulsesecure-test on host has been terminated.
info - [] - pulsesecure-test(LDAP)[PulseSecure-Test] - 2016/06/22 15:44:16 - Closed connection to APUser1 port 3389
 after 420 seconds, with 8339827 bytes read (in 2972 chunks) and 31366 bytes written (in 246 chunks)

This issue was caused by a software defect where Host Checker failed to send the updated VPN session cookie data to the PCS server at the interval defined in the Endpoint Security settings.
VPN session cookies get exchanged between the client and server multiple times during the login process and then at the scheduled interval defined in the Endpoint Security settings.  
When the PCS server does not receive the updated cookie data from the client the server will detect this as a stale session and the session will be terminated.
This issue is fixed in the following releases:
PCS version 8.1R11 and up
PCS version 8.2R3 and up

Please go to to download software.

As a workaround, setting the Host Checker interval to '0' for the "Perform check every 'x' minutes" value will prevent sessions from being terminated.  (By setting the interval to '0' the endpoint compliance check will only be run at login and no further evaluations of the endpoint will be executed.)

User-added image

Related Links
Attachment 1 
Created ByUmesh Palla



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255