Re: Remote Access - desktop_post_connect_script

AkosBakos · ‎2023-08-08

Dear All,

I have a demo environment, where I want to the post-login script functionality.

I seemed straightforward according to this article:

https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

I used a simple .vbs which would pop up a window with a word. The location is C:\install\test.vbs .

My MGMT and GW is R81.10 take 95

Anybody experienced such kind of behavior?

All answer are welcome 🙂

BR

Akos

----------------
\m/_(>_<)_\m/

G_W_Albrecht · ‎2023-08-08

Try a .bat file - .vbs will not work afaik... sk103117: How to run the Post Connect Script on a Remote Access VPN client that connects to a specif...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

AkosBakos · ‎2023-08-08

Hi G_W_Albrecht

Same, it seems the values of the trac_client_1.ttm does not take affect on the client side.

If I check the trac.defaults on the client side and the post_connect_script parameters empty, however I set it on the GW side. For test purposes I set the flush_dns_cache to "true" but it didn't make changes on the client side.

flush_dns_cache STRING "false" G W_USER 1 <----- default values

Akos

----------------
\m/_(>_<)_\m/

G_W_Albrecht · ‎2023-08-08

As shown in https://support.checkpoint.com/results/sk/sk103117 - Did you do a policy install and delete & recreate the site on the client after the changes ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

AkosBakos · ‎2023-08-08

Hi,

Yes of course.

Akos

----------------
\m/_(>_<)_\m/

G_W_Albrecht · ‎2023-08-08

I would suggest to contact TAC !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

AkosBakos · ‎2023-08-08

Hi,

That would be the last chance, because it is a test system without any support.....
I don't think they would help me.

A

----------------
\m/_(>_<)_\m/

G_W_Albrecht · ‎2023-08-08

As long as you are testing for a customer with a valid support contract, it does not matter.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

AkosBakos · ‎2023-08-08

One more thing, is this correct syntax?

----------------
\m/_(>_<)_\m/

G_W_Albrecht · ‎2023-08-08

No - see https://support.checkpoint.com/results/sk/sk103117 -

:default (C:\vpn_pcs.bat)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

AkosBakos · ‎2023-08-08

Hi,

Ok, but the file must be in the root (C:\)?

SK said:

  :default (<Full Path to the script file on the Remote Access VPN computer>)

----------------
\m/_(>_<)_\m/

G_W_Albrecht · ‎2023-08-08

You have to give the full path - regardless if that is C:\<somepath> or D:\<somepath> or F:\<somepath>, it only has to be the same for every client !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

AkosBakos · ‎2023-08-08

One step forward:

trac.log

[ 4524 6448][8 Aug 13:15:25][TR_FLOW_STEP] TrRunScriptsStep::RunCommandLine: SCRunProcessAsUser returned with code 2 - failed to create process
[ 4524 6448][8 Aug 13:15:25][TR_FLOW_STEP] TrRunScriptsStep::RunScriptThread: Failed to run script: 'C:\Users\Public\Documents\vpn_pcs.bat''.

What could be this? 🙂

A

----------------
\m/_(>_<)_\m/

G_W_Albrecht · ‎2023-08-08

Can you run the script from CLI with user-level permissions ?

Important Note - The Post-Connect script runs with user-level permissions. For security reasons, running the Post-Connect script is not supported if users do a Secure Domain Login before Windows login.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

AkosBakos · ‎2023-08-08

Hi,

My first idea was the same. I'm able to run the script. My client is a simple win10 client.

Akos

----------------
\m/_(>_<)_\m/

G_W_Albrecht · ‎2023-08-08

What simple win10 client ? I thought you are using E87.30 RA VPN client ? Neverteless, SCRunProcessAsUser returned with code 2 - failed to create process looks like the client has no rights to run it...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

AkosBakos · ‎2023-08-08

To clarify this?

I'm using a win10 with E87.30 RA VPN client

A

----------------
\m/_(>_<)_\m/

AkosBakos · ‎2024-08-19

A late follow-up:

I needed toadd the missing parameters following sk75221.

mod_enabled

Akos

----------------
\m/_(>_<)_\m/

Are you a member of CheckMates?

Remote Access - desktop_post_connect_script