10-07-2013 06:11 AM
Just a brief comment about the Pre-connect option. We have just tested it (to solve the problem of password expiration) and we don't see any connection attempt in the NPS. Is there something that we have forgotten to configure? We have only checked the Preconnect option in the Connection Profile.
Thanks in advance.
12-16-2013 02:45 PM
Is the device doing any machine authentication? Is this a domain computer? Here is the description from the user guide:
Enable this option to allow users with lost or expired passwords to establish a VIA connection to corporate network. This option authenticates the user’s device and establishes a VIA connection that allows users to reset credentials and continue with corporate access.
Consulting Systems Engineer - ACCX, ACDX, ACMX
12-17-2013 06:54 AM
Below is how VIA Pre-Connect works. Let me know if you have tried this and at what stage you see a failure.
VIA 2.1 contains a new feature of Domain Pre-Connect.
"Domain Pre-Connect" is intended to let a client machine establish a connection to the controller even when the user is not logged in. This lets the machine be in contact with a domain controller, which can be handy for password changes/expiration.
The idea of this feature is to connect you to the enterprise network as if you have the Ethernet cable plugged in, but over VPN. That will allow you to do things like run login scripts, and be able to change an expiring password at the Ctrl-Alt-Delete screen.
12-20-2013 01:59 AM
We have already upgraded to the latest controller version OS 22.214.171.124 and VIA version 126.96.36.199.40312.
We are using IKEv2 with certificates. It works. We noticed that the certificate stored in the machine is validated by the controller, but there is not any machine credentials validation in the NPS before the Ctrl+Alt+Del. Is that ok?
We have trouble in the case where several certificates are stored in the machine. Although a specific certificate is selected in the VIA authentication profile, we noticed that the client randomly selects any certificate from the certificate store. Is this normal behaviour?
Moreover, after the Ctrl+Alt+Del this connection is closed and a new connection is launched when the user session is started. Is there any way to avoid this, so that the preconnect connection remains up?
Thanks in advance,
12-22-2013 10:27 PM
When the IKEv2 + certificate option is selected as part of VIA authentication, the pre-connection also uses certificates. It uses certificates stored in the machine store. In this case, since the authentication is not credential based, machine credentials are not used. That is the reason you don't find an attempt with machine credentials in NPS logs.
Pre-connection selects the first machine certificate available when multiple certificates are available in the machine store.
The pre-connection, once established, will remain until a user logs in to the system (not exactly on press of Ctrl+Alt+Del). Pre-connect will terminate automatically once the user desktop is displayed. The VIA user connection should take over and start connecting once the user logs in.
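
Since the reply above says pre-connect takes the first machine certificate available, the following added example (not part of the thread and not Aruba's code) inventories the local machine store so an administrator can see whether more than one certificate could be picked. The filter is an assumption: the thread does not say how VIA decides which certificates are eligible, so the script treats any currently valid certificate with a private key and a Client Authentication EKU (or no EKU restriction) as a candidate.

```powershell
# Added example: list machine-store certificates that could plausibly be
# offered for certificate-based VPN authentication. The eligibility rules
# below are an assumption, not VIA's documented selection logic.
# Requires PowerShell 3.0+ (EnhancedKeyUsageList) and an elevated prompt
# if private-key access is restricted.

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $cert = $_
    # Collect EKU OIDs; a certificate with no EKU extension is valid for any purpose.
    $ekuOids = @($cert.EnhancedKeyUsageList |
                 Where-Object { $_ } |
                 ForEach-Object { $_.ObjectId })

    $cert.HasPrivateKey -and
    $cert.NotBefore -le $now -and
    $cert.NotAfter  -gt $now -and
    ($ekuOids.Count -eq 0 -or $ekuOids -contains $clientAuthOid)
})

# Show the candidates in the order the store enumerates them.
$candidates |
    Select-Object Subject, Issuer, NotAfter, Thumbprint |
    Format-Table -AutoSize

if ($candidates.Count -gt 1) {
    Write-Warning ("{0} candidate certificates found in LocalMachine\My; " +
                   "pre-connect may not use the one you intend." -f $candidates.Count)
} elseif ($candidates.Count -eq 0) {
    Write-Warning 'No candidate machine certificate found in LocalMachine\My.'
}
```

The enumeration order shown here is the store provider's order and is not guaranteed to match the order VIA uses; the useful signal is whether the candidate count is greater than one.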