Reset Search
 

 

Article

KB41036 - Dual authentication failing with Pulse Secure Desktop client 5.3R3 and 5.2R9 with the error message “Connection Error Authentication failure. ( Error:1309 )”

« Go Back

Information

 
Last Modified Date11/7/2017 6:39 PM
Synopsis
This article describes an issue where dual authentication failing after Pulse Secure Desktop client is upgraded to 5.3R3 and 5.2R9 with the error message “Connection Error Authentication failure. (Error:1309)”.
Problem or Goal
After upgrading the Pulse Secure Desktop client to 5.3R3 or 5.2R9, end users connects to a Pulse Connect Secure (PCS) device configured with dual authentication may see the following error message:
​Connection Error

Authentication failure. (Error:1309)

User-added image
Cause
This issue occurs due to a software bug in the Pulse Secure Desktop client version 5.3R3 and 5.2R9.

This is a generic error message that may result due to a variety of reasons This issue is applicable when all below conditions are met:
  • The user realm is configured with either Certificate or Active Directory as primary authentication and secondary authentication with LDAP, Radius, or System Local.
  • The secondary authentication is configured with the option "predefined as <USER>".
  • Pulse Desktop Client (MacOS and Windows) version  is upgraded to 5.3R3 or 5.2R9.
  • If the pulse client debuglog contains the following message stating the username field is empty. The debuglog is located in the pulse Secure Desktop log file in the path ( LogsAndDiagnostics.zip\Logs\ProgramData\debuglog.log ).For more information about collecting Pulse Secure Desktop Client logs for Windows and MAC OS, refer to KB17327 - How to collect the log file from Pulse Secure Desktop client?
        
00213,09 2017/10/25 09:47:55.895 3 bwalker002 PulseTray Pulse p0864 t403 DialogManager.cpp:321 - 
'JamUI' Prompt request kPromptTypeUsernamePassword, Connection='wc', Index=(ive:3c510b879fed4fccb0d13bed6154e28b), 
xid = 31
00131,09 2017/10/25 09:48:03.562 4 root dsAccessService eapService p0051 t690B JNPRClient.cpp:3514 - 
'eapService' Username is empty failed

Solution
To resolve this issue, please upgrade to Pulse Desktop Client 5.3R4 and above. 

Workaround:

  • End users may log-in using the web browser.  The issue only impacts users when Pulse Secure Desktop client is used directly.
  • Have configuration in User REALM to have the secondary username set to "specified by user on sign-in page" rather than pre-defining as the variable <USER>.
        Note : With this option selected, the users needs to enter their username during the secondary authentication prompt shown. 
User-added image
  • Continue to use Pulse client 5.3R2 or 5.2R8.
Related Links
Attachment 1 
Created ByLokesh T K

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255