KB43875 - Authentication with Pulse Desktop client fails with "General Error 1300" when Host Checker is configured with a machine certificate policy that is enforced on the role.

This article provides the root cause and solution for Pulse desktop client authentication to fail with "General Error 1300" when a machine certificate Host Checker policy is enforced on the user role. 

When Host Checker is configured a machine certificate policy with one or more of the settings listed below and enforced on the role, Pulse authentication can fail with "General Error 1300".

• Host Checker machine certificate policy is configured with the Issuer Certificate set to Any Certificate.
• Host Checker machine certificate policy is configured to check for a specific certificate but one or more optional requirements set in the rule uses a wildcard for the expected value. 
• The client-side machine has a large number of issued certificates in the machine certificate store.

If the machine certificate store on the client PC contains a large number of machine certificates and a Host Checker machine certificate policy is configured to check for "Any" certificate or certificates with "Any DN" values, the client will send all certificates in the machine certificate store to the server at one time.  

This issue can be resolved by implementing one or more of the following solutions:

• Remove expired certificates from the client machine certificate store.
• Modify the Host Checker machine certificate policy to check for certificates issued from a specific CA.
• Modify the optional rule in the machine certificate policy to check for a specific DN value in the certificate.