Known Issues

Release 22.7R4

No new known issues in this release.

Release 22.7R3

Summary: [mac-sequoia] Browser based ISAC installation fails.

Workaround: None.

Fix will be available in ISAC 22.7R4 (October 2024)

Summary: [mac-sequoia] Upgrade prompt appears after upgrade to latest version.

Workaround: Click Cancel on upgrade prompt.

Fix will be available in ISAC 22.7R4 (October 2024)

Summary: Intermittently observed the Ivanti secure access client (ISAC) crash on macOS Sonoma while upgrading to the 22.7R3 ISAC client.

Workaround: None, ISAC recovers automatically.

Summary: When trying to connect to a ZTA connection on ISAC, CEF download is prompted. On clicking "OK" the download fails INTERMITTENTLY with the error "CEF package download failed. Error:getpeername() failed".

Workaround: Unload and Load dsAccessService or Restart the machine.

Release 22.7R2

Summary: The VPN connection goes into a loop (connect/disconnect) when Location Awareness rules are configured for DNS servers on the Physical adapter, and the same DNS server is configured on the ICS.

Workaround: Enable the registryKey [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Pulse Secure] "DisableNotifyInterfaceUpdate"=dword:00000001.

Summary: Unable to connect to internet after a secure connection fails.

Workaround: Restart the machine.

Summary: The Pulse Secure Installer Service (PSIS) installation is failing.

Workaround: Install the earlier version (22.7R1/22.6R1) PSIS for the fresh ISAC installation scenarios via browser.

Summary: Ivanti Secure Access Clientregisters its DNS proxy Provider network extension with the system for some feature like TE FQDN and minTTL and stops working if any other application with DNS Proxy provider runs simultaneously. As per Apple, only one "DNS proxy Provider" network extension can be present on the machine.

Workaround: Uninstall applications with DNS Proxy provider network extension before Installing Ivanti Secure Access Client

Summary: Ivanti secure Access Client prompts for authentication post upgrade.

Workaround: Re-authenticate and continue to use Ivanti Secure Access Client.

Release 22.7R1

Summary: Client freezes on the Role Selection window during timeout phase and does not allow user to select any Role.

Workaround: Close the client from the tray and reopen.

Summary: Intermittently users are unable to access the backend resources when both ZTA and VPN connections are connected.

Workaround: Open ISAC UI from tray, disconnect ZTA connection and reconnect.

Summary: Client is not honoring new GW MTU when GW failover happens in GW group if GWs are having different MTUs.

Workaround: None.

Summary: Enrollment fails from browser and will give error "SAP is not configured for /login /login/enroll" when device policy is enforced on the user sign-in policy and the same device policy is modified.

Workaround : Navigate to Secure Access->Manage Users->User Policies and need to edit/save the user policy on which device policy is mapped post changing the device policy.

Release 22.6R1

Summary: Multiple instances of ISAC UI observed. User input is accepted in all instances.

Workaround: None

Summary: On rare occurrences, client UI closes during manual connect or disconnect of connections.

Workaround: Use system tray to launch Client UI.

Summary: Pulse setup client is not installing/upgrading. The client does not display the client upgrade prompt when connecting to the ICS server with http connection.

Workaround: Use https Sign-in URL to connect to ICS server.

Summary: During simultaneous (nZTA + VPN) connection, Auth failure message '1319' displays for VPN connection for a brief period.

Workaround: Connect nZTA first and then initiate VPN connection or vice versa.

Summary: On rare occurrences, connection fails due to CEF browser crash.

Workaround: Restart dsAccessService.

Summary: CEF browser crashes on Mac OSX when resuming from sleep.

Workaround: None.

Summary: User not able to connect to VPN.

Workaround: Close and re-launch client from spotlight.

Summary: Download triggers before clicking “Upgrade” button on the upgrade message window when auto-upgrade is enabled.

Workaround: None.

Summary: User sees an embedded browser white blank screen while reconnecting SAML auth for few seconds.

Workaround: None.

Summary: During Simultaneous (nZTA + VPN) connection, one of the connections might take slightly longer time to connect.

Workaround: Connect first to nZTA and the VPN or vice-versa.

Summary: When user clicks to connect to ZTA, the connection does not start. This is specific to ZTA connections and is seen to happen during machine start of machine left idle for long time with ZTA in disconnected state

Workaround: Restart the machine or delete and re-enroll the client again.

Summary: The ZTA connections reconnect at random times.

Workaround: None.

Release 22.5R1

Summary: When ZTA and Classic connections exist simultaneously, the classic gateway connection gets stuck in "Checking Compliance" state

Workaround: Restart the client and establish either ZTA or classic connection.

Summary: When ZTA is connected and ISAC crashes, it is noticed on recovery the DNS resolution is blocked on the machine.

Workaround: Only if ZTA workflow crashes, create a registry key HKLM\SOFTWARE\Pulse Secure\Pulse DWORD key AutoUnloadWFP with value 1.

Summary: Linux ISAC is unable to download CEF browser and ISAC crashes.

Workaround: Manually install CEF.

Summary: With pre-configured ICS and all client components installed on the endpoint, auth re-directs to default login URL instead of custom SAML auth URL when trying to enroll with multi sign-in URL.

Workaround: Deep clean endpoint for all client components and perform a fresh installation.

Release 22.3R3

No new Known Issues in this release.

Release 22.3R2

Symptom: PIN prompt for the FIDO Authentication is not displayed for Linux users.

Condition: When FIDO password Authentication is enabled.

Workaround: None

Symptom: Rarely users come across a BSOD while resuming the machine from Hibernation.

Condition: When a machine is in Hibernate mode.

Workaround: None.

Symptom: Rarely users come across a BSOD while upgrading the client.

Condition: When split DNS is enabled.

Workaround: None.

Symptom: ISAC Client help shows release version as 22.4.

Condition: When help is accessed through ISAC 22.3R2

Workaround: None.

Symptom: VPN SAML Authentication fails on Mac OS with Embedded browser.

Condition: When Azure SAML IdP is configured with certificate-based login.

Workaround: Enable FIDO2 U2F for SAML authentication option under connections to use CEF browser for SAML with certificate-based authentication.

Symptom: Upgrade to latest ISAC version fails.

Condition: Cisco Any Connect software is installed and running.

Workaround: Stop the Cisco Any Connect from services.msc

Release 22.3R1

Symptom: Preconfig file is not deployed on the client PC.

Condition: When using msiexec command.

Workaround: None.

Symptom: The display name on Windows Task Manager differs compared to OS versions prior to Win 11 22H2.

Condition: Windows OS version is Win 11 22H2 or higher.

Workaround: None.

Symptom: Ivanti Secure Access Client disconnects randomly on Windows.

Condition: When Ivanti Secure Access Client and a combination of Windows Connection Manager is used.

Workaround: None.

Symptom: PSAL download prompt appears multiple times on macOS 13.

Condition: When installing client using browser.

Workaround: Ignore the message and click 'Download' to proceed.

Summary: Random user observed ZTA onboarding failed.

Condition: While Enrolling ZTA connection.

Workaround: Uninstall and reinstall the client.

Symptom: PSAL and setup client launch fails when ICS is upgraded from 9.1R15.

Condition: When PSAL browser extension is enabled.

Workaround: Download and launch PSAL again.

Summary : While upgrading to the 22.3R1 client prompts to close some applications.

Condition: Upgrading the client to the 22.3R1 version from older version.

Workaround: Ignore the prompt and proceed with the upgrade.

Symptom: User cannot disconnect the active VPN session.

Condition: L3 and ZTA connections are used on macOS 13.

Workaround: Re-launch UI.

Symptom: On upgrading client to 22.3R1, during the first UI launch, the UI crashes.

Condition: On Windows machines having 15 or more connections configured

Workaround: Launch the client UI again from start menu.

Symptom: EdgeWebView2 Runtime installation mandates a minimum of 2GB free diskspace even when not actually utilized.

Condition: Ivanti Secure Access Client requires to use Embedded Browser (SAML, Custom Sign-in pages) etc

Workaround: The minimum free disk space requirement is a pre-requisite to ensure seamless working of Edge based Embedded Browser.

Symptom: Switching from classic UI to NEUX, launches Ivanti Secure Access Client in full screen mode.

Conditions: When L2 and L3 connections are used.

Workaround: None.

Symptom: Add and Remove program has both classic and React UI present.

Condition: When Client is installed.

Workaround: None.

Summary: when the machine wakes up after a long sleep, sometimes the Client UI shows the error "Failed to setup virtual adapter".

Condition: When a ZTA connection is attempted on Linux OS.

Workaround: Click Retry and attempt to connect again.

Symptom: Server CA fails to install on the end points.

Condition: Randomly happens on some MAC machines.

Workaround: Delete the existing connection and add new ZTA connection.

Symptom: Lockdown enable/disable on tenant takes more time to reflect in client connstore.dat file.

Condition: When we make changes with respect to lockdown on the tenant.

Workaround: None

Symptom: dsAccess service crashed after system sleep.

Condition: When using ZTA and ICS tunnel on Mac Book Pro Ventura 13.0.

Workaround: Restart Ivanti Secure Access Client services.

Symptom: Error 1107 observed when using browser based enrollment.

Condition: When security enabled POD is running.

Workaround: Reconnect the connection.

Symptom: Ivanti Secure Access Client does not move to Connected state.

Condition: On Minimum Client Version upgrade.

Workaround: None.

Symptom: Pop-up blocked for the enrollment URL

Condition: When using PSAL browser extension is enabled.

Workaround: Close and open the browser again.

Symptom: System preferences popup does not appear until machine reboot/re-login.

Condition: When using Always-ON VPN with lock-down connection.

Workaround: None.

Symptom: Every disconnect and connect installs the Lookout forward proxy certificate on macOS.

Condition: When trying to establish a connection.

Workaround: None.

Symptom: Error 1147 observed after uninstalling (with save configuration) and re-installing ISAC for ZTA .

Condition: When ZTA connection details are saved previously.

Workaround: Re-enroll the connection.

Release 22.2R1

Symptom: PSAL failed to launch JAVA applets on MAC M1 Ventura 13.

Condition: When end-user launches JSAM.

Workaround: None.

Symptom: The Ivanti Secure access client on Windows or macOS machines establishes the VPN session with the Ivanti Connect Secure displayed as the FIPs client under the Active users' page.

Condition: The 22.2R1 client is used for establishing the session

Workaround: None.

Symptom: DMG package on Ventura platform shows the file was downloaded on an unknown date and is damaged.

Condition: When Host checker is configured, the client fails to launch through browser or browser based connection.

Workaround: None.

Symptom: Ivanti Secure Access Client Service (dsTMService.dll) crashes intermittently and the user faces disconnection.

Condition: When a DNS response contains very long CNAME entries and the payload is compressed, there is a chance of a parsing error, resulting in a crash.

Workaround: None.

Symptom: A Warning displays, "Uninstall is damaged can't be opened" on MAC Ventura 13.0.

Condition: During Ivanti Secure Access Client uninstallation.

Workaround: None.

Symptom: Smart card login fails when used on custom sign-in page.

Condition: Custom sign-in page is mapped to VPN sign-in URL.

Workaround: Map default sign-in page to the VPN sign-in URL or VPN sign-in can be performed through chrome browser and then Ivanti Secure Access Client connection can be started from browser

Symptom: Ivanti Secure Access Client rebranded package creation through ConfigureInstaller python script fails.

Condition: Ivanti Secure Access Client rebranded package creation is performed on Big Sur or Monterey.

Workaround : Perform ISAC rebranded package creation on Catalina.

Symptom: "Securing Connection" status is not seen on New-UX.

Condition: When using New-UX client.

Workaround: None.

Symptom: Mac- With ICS and IPS connections, for each disconnection of VPN, Un-expected UI switch happens. This happens when a different Admin Setting is enabled for Client UI Mode than the existing display in the Client UI.

Condition: When user tries to connect to two connections in the client, that is ICS and IPS connections.

Workaround: None.

Symptom: UI Switch as per Admin Settings does not work for the second connection in desktop client.

Condition: When there exist two ICS connections, ICS and IPS connections, or for tunnel in tunnel case.

Workaround: None

Symptom : Set-up client error pop up seen when connecting to an older server.

Condition : New Client connecting to older Server.

Workaround: Install the client manually or upgrade the client by connecting to Ivanti Connect Secure using client.

Symptom: Ivanti VPN Web page stuck at ”Searching for PSAL” even after L3 VPN session established.

Condition: Custom sign-in pages mapped to corresponding VPN Sign-in URL and end-user launches L3 VPN connection from browser VPN session.

Workaround: Click “Please click here to go back” on the PSAL search page when L3 VPN session is started.

Symptom: No notification to user when New-UX is asking for credentials. This eventually leads to User Input timeout.

Condition: When user does not enter credentials.

Workaround: Need to check New-UX to enter credentials.

Symptom: "Searching for Application Launcher Page" displays even after successful Install and connecting to VPN.

Condition: The installation/launch of Ivanti Secure Access Client using Firefox.

Workaround: Refresh the browser.

Symptom: VPN Connection may fail to establish in proxy environment where automatic PAC URL is configured.

Condition: Web server send the PAC file without http response header content-length instead sends transfer-encoding: chunked.

Workaround: Configure web server hosting PAC file to send content-length in http response header.

Symptom: Accessibility feature does not work on New-UX.

Condition: When using New-UX.

Workaround: Use classic UI.

Symptom: May observe the Ivanti Secure Access Client crash while establishing an L4 connection on macOS.

Condition: The 9.1R15 client connecting to 9.1R16 which is upgraded from 9.1R15 to R16 with macOS PSAM configurations configured on the R15.

Workaround: Upgrade the client to 22.2R1 or delete and recreate the new macOS PSAM configurations after the upgrade.

Symptom: If New-UX client is minimized to windows taskbar, it does not open if user selects to open the client from Tray.

Condition: New-UX client minimized to Windows taskbar.

Workaround: Manually select the taskbar icon and open the New-UX client.

Symptom: CPU usage might increase when Auto-Refresh is enabled on New-UX.

Condition: When Auto-Refresh is enabled on NEUX.

Workaround: Disable Auto-Refresh.

Symptom: No system sound to notify the end user that user input is required while User Credentials input screen is displayed.

Condition: User Sign in workflow.

Workaround: None.

Symptom: During Ivanti Secure Access client installation, the installation time exceeds by a noticeable margin.

Condition: This is dependent on current load at the endpoint; However, mostly noticeable during all installations and upgrades.

Workaround: None.

Symptom: Sometimes valid error message not shown.

Condition: In some scenarios, whenever the MessageCatalog file got into some issue, unable to get the corresponding error message.

Workaround: None.

Symptom: Not able to launch New-UX on Vanilla Windows 20H2 OS Build 19042.1110 and windows server 2022.

Condition: During Ivanti Secure Access Client installation or auto-upgrade.

Workaround: None, use Classic UI.

Symptom: Server certificate error is shown repeatedly for untrusted certificates.

Condition: When ISAC connects to ICS (Directly \ through Hotspot) having untrusted certificates then certificate exception page will be shown repeatedly.

Workaround: End user must click continue to <server> link on the certificate error page.

Symptom: "This Extension is not trusted by Enhanced Security Browser" warning prompts during the Ivanti Secure Access Extension installation.

Condition: While launching or installing the clients via Browser.

Workaround: None.

Symptom: Chromium embedded framework (CEF) based browser will be used by 22.2R1+ clients only during credential provider SAML login.

Condition: ISAC connection set is enabled for Embedded browser for Authentication with Edge Webview2 browser engine and credential provider.

Workaround: ISAC is already handling the credential provider use case with CEF browser.

Symptom: Uninstall fails to remove UI component for New-UX client.

Condition: During client uninstallation.

Workaround: None.

Symptom: Diagnostic tool is not opening using Ctrl+F2 on New-UX client.

Condition: When invoking Diagnostic tool from client.

Workaround: Open diagnostic tool manually.

Symptom: New-UX client controls, labels and text are misaligned clipped.

Condition: When client window is resized.

Workaround: None.

Symptom: Auto retry of User Input Timeout is not working in New-UX.

Condition: User Input timeout error.

Workaround: Manually Retry user input.

Symptom: Ivanti Secure Access Client not responding after some days of usage.

Condition: On Ivanti Secure Access Client usage for some days.

Workaround: Restart the application or reboot the system.

Symptom: Splash screen off setting if selected on the server is not reflecting on the New-UX client.

Condition: New-UX fresh launch.

Workaround: None.

Symptom: Memory Usage may gradually increase when using New-UX.

Condition: When auto-refresh is enabled.

Workaround: Disable auto-refresh.

Symptom: New-UX client on Windows 2022 Server is not available due to missing dependencies.

Condition: When New-UX client is used on Windows 2022 Server.

Workaround: None.