09-08-2014 08:32 PM
If you are able to export the log entry, it may help us with your solution (button on the bottom right of your Access Tracker event). As Tim stated, you are getting the reject because policy did not match (and the reject profile is likely the default profile action in that case). Despite passing authentication, the policy engine is going to evaluate the request through the Role Mapping Policy and the Enforcement Policy. By reviewing those two policies that are applied to your Service, you should be able to track why the user did not "match" anything in those policies and thus was given the reject profile instead.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
09-08-2014 08:52 PM
To do a quick test, change your default policy to accept and see if the client connects. If it does, then you know there is an error in your policy.
A common issue is that you have in your rules a role or enforcement condition that is EQUALS and most likely it needs to be contains, especially if it's an AD group membership.
If it's Equals, then it needs to be the full AD group name.
If it's contains, then it can be the simple name.
See example below
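The Equals/contains behaviour described in the replies above, as an added example that is not part of the original posts and is not ClearPass code: a simplified Python model of first-match role mapping followed by enforcement with a default reject profile. It assumes group membership arrives as full distinguished names and that matching is case-sensitive; every DN, role, rule and profile name is a constructed sample. The last rule shows a caveat of contains: a short substring can also match groups you did not intend.

```python
# Simplified model of role mapping + enforcement (assumption: not ClearPass code).
# All DNs, roles, rules and profile names below are constructed samples.

MEMBER_OF = [  # assumed: group membership is returned as full distinguished names
    "CN=Wireless-Staff,OU=Groups,DC=example,DC=com",
    "CN=Non-Admins,OU=Groups,DC=example,DC=com",
]
POLICY = {"staff": "Allow Access Profile"}   # role -> enforcement profile
DEFAULT_PROFILE = "Deny Access Profile"      # applied when nothing matches


def matches(op, values, operand):
    """Test one rule operand against every group value (case-sensitive)."""
    if op == "EQUALS":
        return any(v == operand for v in values)
    if op == "CONTAINS":
        return any(operand in v for v in values)
    raise ValueError(f"unsupported operator: {op}")


def map_role(rules, values):
    """First matching rule wins; None means no role was assigned."""
    for op, operand, role in rules:
        if matches(op, values, operand):
            return role
    return None


def decide(rules, values=MEMBER_OF):
    """Authentication already passed; only policy evaluation is modelled."""
    return POLICY.get(map_role(rules, values), DEFAULT_PROFILE)


# EQUALS with the simple name never matches a full DN -> default reject.
short_equals = [("EQUALS", "Wireless-Staff", "staff")]
# EQUALS with the full group name matches.
full_equals = [("EQUALS", "CN=Wireless-Staff,OU=Groups,DC=example,DC=com", "staff")]
# CONTAINS with the simple name matches.
short_contains = [("CONTAINS", "Wireless-Staff", "staff")]
# Caveat: a loose CONTAINS also matches "Non-Admins"; anchoring on "CN=Admins," does not.
loose_contains = [("CONTAINS", "Admins", "admin")]
anchored_contains = [("CONTAINS", "CN=Admins,", "admin")]

if __name__ == "__main__":
    for name, rules in [("short EQUALS", short_equals), ("full EQUALS", full_equals),
                        ("short CONTAINS", short_contains)]:
        print(f"{name:15} -> {decide(rules)}")
    print("loose CONTAINS role:   ", map_role(loose_contains, MEMBER_OF))
    print("anchored CONTAINS role:", map_role(anchored_contains, MEMBER_OF))
```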
09-09-2014 02:17 AM
09-09-2014 02:20 AM