Known Issues

The following table lists Known Issues in the current release.

Problem Report Number

Summary

Release 22.7R4

No new known issues in this release.

Release 22.7R3

1389111

Summary: [mac-sequoia] Browser based ISAC installation fails.

Workaround: None.

Fix will be available in ISAC 22.7R4 (October 2024)

1390566

Summary: [mac-sequoia] Upgrade prompt appears after upgrade to latest version.

Workaround: Click Cancel on upgrade prompt.

Fix will be available in ISAC 22.7R4 (October 2024)

1381258

Summary: Intermittently observed the Ivanti secure access client (ISAC) crash on macOS Sonoma while upgrading to the 22.7R3 ISAC client.

Workaround: None, ISAC recovers automatically.

1378417

Summary: When trying to connect to a ZTA connection on ISAC, CEF download is prompted. On clicking "OK" the download fails INTERMITTENTLY with the error "CEF package download failed. Error:getpeername() failed".

Workaround: Unload and Load dsAccessService or Restart the machine.

Release 22.7R2

PSD-17652

Summary: The VPN connection goes into a loop (connect/disconnect) when Location Awareness rules are configured for DNS servers on the Physical adapter, and the same DNS server is configured on the ICS.

Workaround: Enable the registryKey [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Pulse Secure] "DisableNotifyInterfaceUpdate"=dword:00000001.

PSD-17446

Summary: Unable to connect to internet after a secure connection fails.

Workaround: Restart the machine.

PSD-17824

Summary: The Pulse Secure Installer Service (PSIS) installation is failing.

Workaround: Install the earlier version (22.7R1/22.6R1) PSIS for the fresh ISAC installation scenarios via browser.

PSD-16702

Summary: Ivanti Secure Access Clientregisters its DNS proxy Provider network extension with the system for some feature like TE FQDN and minTTL and stops working if any other application with DNS Proxy provider runs simultaneously. As per Apple, only one "DNS proxy Provider" network extension can be present on the machine.

Workaround: Uninstall applications with DNS Proxy provider network extension before Installing Ivanti Secure Access Client

PSD-16989

Summary: Ivanti secure Access Client prompts for authentication post upgrade.

Workaround: Re-authenticate and continue to use Ivanti Secure Access Client.

Release 22.7R1

PSD-15911

Summary: Client freezes on the Role Selection window during timeout phase and does not allow user to select any Role.

Workaround: Close the client from the tray and reopen.

PZT-43203

Summary: Intermittently users are unable to access the backend resources when both ZTA and VPN connections are connected.

Workaround: Open ISAC UI from tray, disconnect ZTA connection and reconnect.

PZT-43108

Summary: Client is not honoring new GW MTU when GW failover happens in GW group if GWs are having different MTUs.

Workaround: None.

PZT-42473

Summary: Enrollment fails from browser and will give error "SAP is not configured for /login /login/enroll" when device policy is enforced on the user sign-in policy and the same device policy is modified.

Workaround : Navigate to Secure Access->Manage Users->User Policies and need to edit/save the user policy on which device policy is mapped post changing the device policy.

Release 22.6R1

PSD-14144

Summary: Multiple instances of ISAC UI observed. User input is accepted in all instances.

Workaround: None

PSD-15296

Summary: On rare occurrences, client UI closes during manual connect or disconnect of connections.

Workaround: Use system tray to launch Client UI.

PSD-15380

Summary: Pulse setup client is not installing/upgrading. The client does not display the client upgrade prompt when connecting to the ICS server with http connection.

Workaround: Use https Sign-in URL to connect to ICS server.

PSD-15384

Summary: During simultaneous (nZTA + VPN) connection, Auth failure message '1319' displays for VPN connection for a brief period.

Workaround: Connect nZTA first and then initiate VPN connection or vice versa.

PSD-15502

Summary: On rare occurrences, connection fails due to CEF browser crash.

Workaround: Restart dsAccessService.

PSD-15540

Summary: CEF browser crashes on Mac OSX when resuming from sleep.

Workaround: None.

PSD-15637

Summary: User not able to connect to VPN.

Workaround: Close and re-launch client from spotlight.

PZT-35720

Summary: Download triggers before clicking “Upgrade” button on the upgrade message window when auto-upgrade is enabled.

Workaround: None.

PZT-41329

Summary: User sees an embedded browser white blank screen while reconnecting SAML auth for few seconds.

Workaround: None.

PZT-41880

Summary: During Simultaneous (nZTA + VPN) connection, one of the connections might take slightly longer time to connect.

Workaround: Connect first to nZTA and the VPN or vice-versa.

PZT-41927

Summary: When user clicks to connect to ZTA, the connection does not start. This is specific to ZTA connections and is seen to happen during machine start of machine left idle for long time with ZTA in disconnected state

Workaround: Restart the machine or delete and re-enroll the client again.

PZT-41967

Summary: The ZTA connections reconnect at random times.

Workaround: None.

Release 22.5R1

PSD-15039

Summary: When ZTA and Classic connections exist simultaneously, the classic gateway connection gets stuck in "Checking Compliance" state

Workaround: Restart the client and establish either ZTA or classic connection.

PSD-14785

Summary: When ZTA is connected and ISAC crashes, it is noticed on recovery the DNS resolution is blocked on the machine.

Workaround: Only if ZTA workflow crashes, create a registry key HKLM\SOFTWARE\Pulse Secure\Pulse DWORD key AutoUnloadWFP with value 1.

PZT-40370

Summary: Linux ISAC is unable to download CEF browser and ISAC crashes.

Workaround: Manually install CEF.

PZT-37424

Summary: With pre-configured ICS and all client components installed on the endpoint, auth re-directs to default login URL instead of custom SAML auth URL when trying to enroll with multi sign-in URL.

Workaround: Deep clean endpoint for all client components and perform a fresh installation.

Release 22.3R3

No new Known Issues in this release.

Release 22.3R2

PRS-414909

Symptom: PIN prompt for the FIDO Authentication is not displayed for Linux users.

Condition: When FIDO password Authentication is enabled.

Workaround: None

PSD-14142

Symptom: Rarely users come across a BSOD while resuming the machine from Hibernation.

Condition: When a machine is in Hibernate mode.

Workaround: None.

PSD-14501

Symptom: Rarely users come across a BSOD while upgrading the client.

Condition: When split DNS is enabled.

Workaround: None.

PSD-14512

Symptom: ISAC Client help shows release version as 22.4.

Condition: When help is accessed through ISAC 22.3R2

Workaround: None.

PSD-14514

Symptom: VPN SAML Authentication fails on Mac OS with Embedded browser.

Condition: When Azure SAML IdP is configured with certificate-based login.

Workaround: Enable FIDO2 U2F for SAML authentication option under connections to use CEF browser for SAML with certificate-based authentication.

PZT-39936

Symptom: Upgrade to latest ISAC version fails.

Condition: Cisco Any Connect software is installed and running.

Workaround: Stop the Cisco Any Connect from services.msc

Release 22.3R1

PRS-414801

Symptom: Preconfig file is not deployed on the client PC.

Condition: When using msiexec command.

Workaround: None.

PRS-412169

Symptom: The display name on Windows Task Manager differs compared to OS versions prior to Win 11 22H2.

Condition: Windows OS version is Win 11 22H2 or higher.

Workaround: None.

PRS-411820

Symptom: Ivanti Secure Access Client disconnects randomly on Windows.

Condition: When Ivanti Secure Access Client and a combination of Windows Connection Manager is used.

Workaround: None.

PSD-13174

Symptom: PSAL download prompt appears multiple times on macOS 13.

Condition: When installing client using browser.

Workaround: Ignore the message and click 'Download' to proceed.

PSD-13172

Summary: Random user observed ZTA onboarding failed.

Condition: While Enrolling ZTA connection.

Workaround: Uninstall and reinstall the client.

PSD-13168

Symptom: PSAL and setup client launch fails when ICS is upgraded from 9.1R15.

Condition: When PSAL browser extension is enabled.

Workaround: Download and launch PSAL again.

PSD-13030

Summary : While upgrading to the 22.3R1 client prompts to close some applications.

Condition: Upgrading the client to the 22.3R1 version from older version.

Workaround: Ignore the prompt and proceed with the upgrade.

PSD-13021

Symptom: User cannot disconnect the active VPN session.

Condition: L3 and ZTA connections are used on macOS 13.

Workaround: Re-launch UI.

PSD-13014

Symptom: On upgrading client to 22.3R1, during the first UI launch, the UI crashes.

Condition: On Windows machines having 15 or more connections configured

Workaround: Launch the client UI again from start menu.

PSD-12930

Symptom: EdgeWebView2 Runtime installation mandates a minimum of 2GB free diskspace even when not actually utilized.

Condition: Ivanti Secure Access Client requires to use Embedded Browser (SAML, Custom Sign-in pages) etc

Workaround: The minimum free disk space requirement is a pre-requisite to ensure seamless working of Edge based Embedded Browser.

PSD-12409

Symptom: Switching from classic UI to NEUX, launches Ivanti Secure Access Client in full screen mode.

Conditions: When L2 and L3 connections are used.

Workaround: None.

PSD-8514

Symptom: Add and Remove program has both classic and React UI present.

Condition: When Client is installed.

Workaround: None.

PZT-40784

Summary: when the machine wakes up after a long sleep, sometimes the Client UI shows the error "Failed to setup virtual adapter".

Condition: When a ZTA connection is attempted on Linux OS.

Workaround: Click Retry and attempt to connect again.

PZT-36977

Symptom: Server CA fails to install on the end points.

Condition: Randomly happens on some MAC machines.

Workaround: Delete the existing connection and add new ZTA connection.

PZT-36750

Symptom: Lockdown enable/disable on tenant takes more time to reflect in client connstore.dat file.

Condition: When we make changes with respect to lockdown on the tenant.

Workaround: None

PZT-36426

Symptom: dsAccess service crashed after system sleep.

Condition: When using ZTA and ICS tunnel on Mac Book Pro Ventura 13.0.

Workaround: Restart Ivanti Secure Access Client services.

PZT-35824

Symptom: Error 1107 observed when using browser based enrollment.

Condition: When security enabled POD is running.

Workaround: Reconnect the connection.

PZT-35807

Symptom: Ivanti Secure Access Client does not move to Connected state.

Condition: On Minimum Client Version upgrade.

Workaround: None.

PZT-35360

Symptom: Pop-up blocked for the enrollment URL

Condition: When using PSAL browser extension is enabled.

Workaround: Close and open the browser again.

PZT-34750

Symptom: System preferences popup does not appear until machine reboot/re-login.

Condition: When using Always-ON VPN with lock-down connection.

Workaround: None.

PZT-34534

Symptom: Every disconnect and connect installs the Lookout forward proxy certificate on macOS.

Condition: When trying to establish a connection.

Workaround: None.

PZT- 36969

Symptom: Error 1147 observed after uninstalling (with save configuration) and re-installing ISAC for ZTA .

Condition: When ZTA connection details are saved previously.

Workaround: Re-enroll the connection.

Release 22.2R1

PCS-38008

Symptom: PSAL failed to launch JAVA applets on MAC M1 Ventura 13.

Condition: When end-user launches JSAM.

Workaround: None.

PCS-37311

Symptom: The Ivanti Secure access client on Windows or macOS machines establishes the VPN session with the Ivanti Connect Secure displayed as the FIPs client under the Active users' page.

Condition: The 22.2R1 client is used for establishing the session

Workaround: None.

PRS-412672

Symptom: DMG package on Ventura platform shows the file was downloaded on an unknown date and is damaged.

Condition: When Host checker is configured, the client fails to launch through browser or browser based connection.

Workaround: None.

PRS-412216

Symptom: Ivanti Secure Access Client Service (dsTMService.dll) crashes intermittently and the user faces disconnection.

Condition: When a DNS response contains very long CNAME entries and the payload is compressed, there is a chance of a parsing error, resulting in a crash.

Workaround: None.

PRS-412144

Symptom: A Warning displays, "Uninstall is damaged can't be opened" on MAC Ventura 13.0.

Condition: During Ivanti Secure Access Client uninstallation.

Workaround: None.

PRS-412025

Symptom: Smart card login fails when used on custom sign-in page.

Condition: Custom sign-in page is mapped to VPN sign-in URL.

Workaround: Map default sign-in page to the VPN sign-in URL or VPN sign-in can be performed through chrome browser and then Ivanti Secure Access Client connection can be started from browser

PRS-411750

Symptom: Ivanti Secure Access Client rebranded package creation through ConfigureInstaller python script fails.

Condition: Ivanti Secure Access Client rebranded package creation is performed on Big Sur or Monterey.

Workaround : Perform ISAC rebranded package creation on Catalina.

PRS-411746

Symptom: "Securing Connection" status is not seen on New-UX.

Condition: When using New-UX client.

Workaround: None.

PRS-411741

Symptom: Mac- With ICS and IPS connections, for each disconnection of VPN, Un-expected UI switch happens. This happens when a different Admin Setting is enabled for Client UI Mode than the existing display in the Client UI.

Condition: When user tries to connect to two connections in the client, that is ICS and IPS connections.

Workaround: None.

PRS-411632

Symptom: UI Switch as per Admin Settings does not work for the second connection in desktop client.

Condition: When there exist two ICS connections, ICS and IPS connections, or for tunnel in tunnel case.

Workaround: None

PRS-411599

Symptom : Set-up client error pop up seen when connecting to an older server.

Condition : New Client connecting to older Server.

Workaround: Install the client manually or upgrade the client by connecting to Ivanti Connect Secure using client.

PRS-411593

Symptom: Ivanti VPN Web page stuck at ”Searching for PSAL” even after L3 VPN session established.

Condition: Custom sign-in pages mapped to corresponding VPN Sign-in URL and end-user launches L3 VPN connection from browser VPN session.

Workaround: Click “Please click here to go back” on the PSAL search page when L3 VPN session is started.

PRS-411556

Symptom: No notification to user when New-UX is asking for credentials. This eventually leads to User Input timeout.

Condition: When user does not enter credentials.

Workaround: Need to check New-UX to enter credentials.

PRS-411510

Symptom: "Searching for Application Launcher Page" displays even after successful Install and connecting to VPN.

Condition: The installation/launch of Ivanti Secure Access Client using Firefox.

Workaround: Refresh the browser.

PRS-411478

Symptom: VPN Connection may fail to establish in proxy environment where automatic PAC URL is configured.

Condition: Web server send the PAC file without http response header content-length instead sends transfer-encoding: chunked.

Workaround: Configure web server hosting PAC file to send content-length in http response header.

PRS-411380

Symptom: Accessibility feature does not work on New-UX.

Condition: When using New-UX.

Workaround: Use classic UI.

PRS-411350

Symptom: May observe the Ivanti Secure Access Client crash while establishing an L4 connection on macOS.

Condition: The 9.1R15 client connecting to 9.1R16 which is upgraded from 9.1R15 to R16 with macOS PSAM configurations configured on the R15.

Workaround: Upgrade the client to 22.2R1 or delete and recreate the new macOS PSAM configurations after the upgrade.

PRS-411341

Symptom: If New-UX client is minimized to windows taskbar, it does not open if user selects to open the client from Tray.

Condition: New-UX client minimized to Windows taskbar.

Workaround: Manually select the taskbar icon and open the New-UX client.

PRS-411006

Symptom: CPU usage might increase when Auto-Refresh is enabled on New-UX.

Condition: When Auto-Refresh is enabled on NEUX.

Workaround: Disable Auto-Refresh.

PRS-410987

Symptom: No system sound to notify the end user that user input is required while User Credentials input screen is displayed.

Condition: User Sign in workflow.

Workaround: None.

PRS-410877

Symptom: During Ivanti Secure Access client installation, the installation time exceeds by a noticeable margin.

Condition: This is dependent on current load at the endpoint; However, mostly noticeable during all installations and upgrades.

Workaround: None.

PRS-410024

Symptom: Sometimes valid error message not shown.

Condition: In some scenarios, whenever the MessageCatalog file got into some issue, unable to get the corresponding error message.

Workaround: None.

PRS-409774

Symptom: Not able to launch New-UX on Vanilla Windows 20H2 OS Build 19042.1110 and windows server 2022.

Condition: During Ivanti Secure Access Client installation or auto-upgrade.

Workaround: None, use Classic UI.

PRS-409484

Symptom: Server certificate error is shown repeatedly for untrusted certificates.

Condition: When ISAC connects to ICS (Directly \ through Hotspot) having untrusted certificates then certificate exception page will be shown repeatedly.

Workaround: End user must click continue to <server> link on the certificate error page.

PRS-409465

Symptom: "This Extension is not trusted by Enhanced Security Browser" warning prompts during the Ivanti Secure Access Extension installation.

Condition: While launching or installing the clients via Browser.

Workaround: None.

PRS-409302

Symptom: Chromium embedded framework (CEF) based browser will be used by 22.2R1+ clients only during credential provider SAML login.

Condition: ISAC connection set is enabled for Embedded browser for Authentication with Edge Webview2 browser engine and credential provider.

Workaround: ISAC is already handling the credential provider use case with CEF browser.

PSD-11610

Symptom: Uninstall fails to remove UI component for New-UX client.

Condition: During client uninstallation.

Workaround: None.

PSD-11560

Symptom: Diagnostic tool is not opening using Ctrl+F2 on New-UX client.

Condition: When invoking Diagnostic tool from client.

Workaround: Open diagnostic tool manually.

PSD-10736

Symptom: New-UX client controls, labels and text are misaligned clipped.

Condition: When client window is resized.

Workaround: None.

PSD-10356

Symptom: Auto retry of User Input Timeout is not working in New-UX.

Condition: User Input timeout error.

Workaround: Manually Retry user input.

PSD-9938

Symptom: Ivanti Secure Access Client not responding after some days of usage.

Condition: On Ivanti Secure Access Client usage for some days.

Workaround: Restart the application or reboot the system.

PSD-9538

Symptom: Splash screen off setting if selected on the server is not reflecting on the New-UX client.

Condition: New-UX fresh launch.

Workaround: None.

PSD-8631

Symptom: Memory Usage may gradually increase when using New-UX.

Condition: When auto-refresh is enabled.

Workaround: Disable auto-refresh.

PSD-8591

Symptom: New-UX client on Windows 2022 Server is not available due to missing dependencies.

Condition: When New-UX client is used on Windows 2022 Server.

Workaround: None.

PSD-6971

Symptom: Keyboard Navigation is not supported for New-UX client.

Condition: When using keyboard navigation.

Workaround: None.