Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-05-2021 06:56 PM
I'm excited to finally have pre-login working per the logs below. But after the successful certificate based pre-login,
portal-getconfig fails. On the pan the error message is "Failed to get client configuration". Any advise on how to troubleshoot this further is appreciated!
05-11-2021 11:30 AM
The answer in my case was in Portal/Agent/Config Selection to choose "Any". Intune
is managing all the cert so only a valid laptop would have the cert. The laptops get
wiped via Intune at termination.
05-07-2021 03:41 AM
did you enable cookies as authentication for the portal?
you can both set the portal and/or gateway to generate cookies, and then set the portal to accept cookies
that way your agents should be able to retrieve config
05-07-2021 11:32 PM
Hi @MichaelMedwid ,
From your log it seems you are using the "new" feature connect before login, not pre-logon, is that right?
I haven't had a chance to test the new method (not 10.0), but the error message indicates that FW is failing to match client config for the connected agent. Previously with Pre-Logon method, PC was establishing tunnel to FW with "hardcoded" username "pre-logon". The login process is absolutely the same as if end user is connecting (it first connect to gp portal, get config, connect to gp-gateway). Once user logins to Windows GP will rename/re-establish the tunnel with the actual user and replace (which will again go through the same process, gp portal, config, gp gateway).
Which means that in your portal and gateway client config you need to have config that will match username "pre-logon", either config specific policy matching this user, or have "any" for matching criteria.
Looking at your log it seems this is not exactly the case as you can see the actual username in the portal login event. But I still believe the problem is that your user is not matching any client config under the gp portal. How it is configured? What you have for matching criterias?
I am not sure if understand @reaper as GP 5.2 new features guide says:
Because Connect Before Logon prompts you to authenticate twice on the portal and gateway when logging in to the Windows endpoint for the first time, the Authentication Override cookie is not working as expected.
05-11-2021 11:30 AM
The answer in my case was in Portal/Agent/Config Selection to choose "Any". Intune
is managing all the cert so only a valid laptop would have the cert. The laptops get
wiped via Intune at termination.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
