Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AkosBakos
Advisor

Remote Access - desktop_post_connect_script

Dear All,

I have a demo environment, where I want to the post-login script functionality.

I seemed straightforward according to this article:

https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

I used a simple .vbs which would pop up a window with a word. The location is C:\install\test.vbs . 

My MGMT and GW is R81.10 take 95

Anybody experienced such kind of behavior?

All answer are welcome 🙂

BR

Akos

 

 

 

 

----------------
\m/_(>_<)_\m/
0 Kudos
17 Replies
G_W_Albrecht
Legend Legend
Legend

Try a .bat file - .vbs will not work afaik... sk103117: How to run the Post Connect Script on a Remote Access VPN client that connects to a specif...

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AkosBakos
Advisor

Hi G_W_Albrecht

Same,  it seems the values of the trac_client_1.ttm does not take affect on the client side.

If I check the trac.defaults on the client side and the post_connect_script parameters empty, however I set it on the GW side. For test purposes I set the flush_dns_cache to "true" but it didn't make changes on the client side.

flush_dns_cache STRING  "false" G W_USER 1   <----- default values

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
G_W_Albrecht
Legend Legend
Legend

As shown in https://support.checkpoint.com/results/sk/sk103117 - Did you do a policy install and delete & recreate the site on the client after the changes ?

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AkosBakos
Advisor

Hi,

Yes of course. 

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
G_W_Albrecht
Legend Legend
Legend

I would suggest to contact TAC !

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AkosBakos
Advisor

Hi,

That would be the last chance, because it is a test system without any support.....
I don't think they would help me.

A

----------------
\m/_(>_<)_\m/
0 Kudos
G_W_Albrecht
Legend Legend
Legend

As long as you are testing for a customer with a valid support contract, it does not matter.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AkosBakos
Advisor

One more thing, is this correct syntax?

2023-08-08 11_42_25-admin@erstegw_~.png

----------------
\m/_(>_<)_\m/
0 Kudos
G_W_Albrecht
Legend Legend
Legend

No - see https://support.checkpoint.com/results/sk/sk103117  -

:default (C:\vpn_pcs.bat)
CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AkosBakos
Advisor

Hi,

Ok, but the file must be in the root (C:\)?

SK said: 

  :default (<Full Path to the script file on the Remote Access VPN computer>)

 

----------------
\m/_(>_<)_\m/
0 Kudos
G_W_Albrecht
Legend Legend
Legend

You have to give the full path - regardless if that is C:\<somepath> or D:\<somepath> or F:\<somepath>, it only has to be the same for every client !

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AkosBakos
Advisor

One step forward:

trac.log

 

[ 4524 6448][8 Aug 13:15:25][TR_FLOW_STEP] TrRunScriptsStep::RunCommandLine: SCRunProcessAsUser returned with code 2 - failed to create process
[ 4524 6448][8 Aug 13:15:25][TR_FLOW_STEP] TrRunScriptsStep::RunScriptThread: Failed to run script: 'C:\Users\Public\Documents\vpn_pcs.bat''.

What could be this? 🙂

 

A

----------------
\m/_(>_<)_\m/
0 Kudos
G_W_Albrecht
Legend Legend
Legend

Can you run the script from CLI with user-level permissions ?

Important Note - The Post-Connect script runs with user-level permissions. For security reasons, running the Post-Connect script is not supported if users do a Secure Domain Login before Windows login.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
AkosBakos
Advisor

Hi,

My first idea was the same. I'm able to run the script. My client is a simple win10 client.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
G_W_Albrecht
Legend Legend
Legend

What simple win10 client ? I thought you are using  E87.30 RA VPN client ? Neverteless, SCRunProcessAsUser returned with code 2 - failed to create process looks like the client has no rights to run it...

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AkosBakos
Advisor

To clarify this?

I'm using a win10 with E87.30 RA VPN client 

A

----------------
\m/_(>_<)_\m/
0 Kudos
AkosBakos
Advisor

A late follow-up:

I needed toadd the missing parameters following sk75221.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events