Reset Search
 

 

Article

KB43875 - Authentication with Pulse Desktop client fails with "General Error 1300" when Host Checker is configured with a machine certificate policy that is enforced on the role.

« Go Back

Information

 
Last Modified Date9/1/2018 12:18 AM
Synopsis
This article provides the root cause and solution for Pulse desktop client authentication to fail with "General Error 1300" when a machine certificate Host Checker policy is enforced on the user role. 
Problem or Goal
When Host Checker is configured a machine certificate policy with one or more of the settings listed below and enforced on the role, Pulse authentication can fail with "General Error 1300".
  • Host Checker machine certificate policy is configured with the Issuer Certificate set to Any Certificate.
  • Host Checker machine certificate policy is configured to check for a specific certificate but one or more optional requirements set in the rule uses a wildcard for the expected value. 
  • The client-side machine has a large number of issued certificates in the machine certificate store.
User-added image
Cause
If the machine certificate store on the client PC contains a large number of machine certificates and a Host Checker machine certificate policy is configured to check for "Any" certificate or certificates with "Any DN" values, the client will send all certificates in the machine certificate store to the server at one time.  
Solution
This issue can be resolved by implementing one or more of the following solutions:
  • Remove expired certificates from the client machine certificate store.
  • Modify the Host Checker machine certificate policy to check for certificates issued from a specific CA.
  • Modify the optional rule in the machine certificate policy to check for a specific DN value in the certificate.
Related Links
Attachment 1 
Created ByKaren Mayberry

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255