Hi,
Below is how VIA Pre-Connect works, let me know if you have tried this and at what stage do you see a failure.
VIA 2.1 contains a new feature of Domain Pre-Connect.
"Domain Pre-Connect", which is intended to let a client machine establish a connection to the controller even when the user is not logged in. This lets the machine be in contact with a domain controller, which can be handy for password changes/expiration.
The support starts from AOS 6.1.3.1 or later on the controller to take advantage of all the latest features, although VIA 2.1 is backwards compatible with previous versions if you do not need the new features.
Domain Pre-Connect allows the VIA client to start when the computer is at the ctrl-alt-delete screen and submit machine credentials in the background. The machine would of course have to be wired, or connected to a wifi network that would allow it to pass IPSEC traffic at the ctrl-alt-delete prompt.
You would have to already have downloaded and installed the VIA client 2.1.0.0 and above and connected once using a VIA connection profile that has the "domain pre-connect" checkbox enabled. This checkbox is only available in ArubaOs 6.1.3.1 and above and is located in the VIA Connection Profile:
The idea of this feature is to connect you to the enterprise network as if you have the ethernet cable plugged in, but over VPN. That will allow you to do things like run login scripts, and be able to change an expiring password at the ctrl-alt delete screen.
Make sure you have network connectivity to the client when user is logged off.
· Configure VIA connection profile for IKEv2+User certificates. (The feature works only with IKEv2 as of now).
· The certificates have to be stored in machine store.
· Establish at least one normal VIA IPsec connection when user is logged into the machine. (domain pre-connect creates its own profile using this profile).
· Now log off the machine domain pre-connect would be initiated.
· In controller you can see, the initial IPsec connection will be teared off and new connection will be triggered. (Use “show user” command).