This article describes the issue of users, when using Host Checker on the Junos Pulse Secure Access Controller (IC) or Junos Pulse Secure Access Gateway (SA), not being able to login if a specific Host Checker configuration is in use.
When all pre-defined anti-virus and firewall products are selected, users may receive the following error:
Reason: Authentication rejected by server. Error 1319.
This occurs when the administrator creates two separate Host Checker policies, one policy for firewall products and the other for anti-virus products, and then selects the Require any supported product option on both policies.
This error is due to the Host Checker client product detection size limitation in IVE OS 7.1 and earlier.
Example of possible (debuglog.log) log message:
EAP-JTNC Request xxxxxx exceeds maximum fragment 100000.
This is resolved in 7.2 (SA) and 4.2 (IC) versions of the server software and Junos Pulse 2.1 client software and later.
To work around this issue, select only the pre-defined products that users are expected to use. A large number of unnecessary products can easily be removed based on vendor or the languages utilized by users.