The first experience I am getting is this....
The gateway is configured to perform "Single Authentication" / "Compatibility with Older clients". The authentication method is RADIUS and is not configured to ask for password as first challenge. There is no "MultiAuthenicaiton client settings" configured. All fairly standard stuff.
If you take a clean installer it will connect to the gateway and the ask for the username but the password field will be greyed out (as i would expect). You click next enter the RADIUS prompt and the client throws a wobbly that the password is wrong. Slightly less standard stuff!
If I install the customers customised installer then the client will ask me for the username and the password move onto the RADIUS token then let me login.
So obviously the client has been configured at some point in this environments long and distant past to require the user to provide the password regardless... but what gives with the gateway? Where is the setting requiring the password... but not requiring the password is some strange setting in the gateway I just cant find? Is this a 'feature'? What am I missing?
The second strange experience I am getting is...
You try and connect to the Gateway using a domain machine you are let in without issue. You try and connect using a non-domain machine and you can connect but get a message in the client isnt a member of the domain and you can access internal resources. However if you add a registry entry with the domain name under System\CurrentControlSet\Services\Tcpip\Parameters\Domain then you can get in without issue.
So you think maybe Mobile Access is configured to perform compliance Checking. You look at the Gateway Properties -> Mobile Access -> Endpoint compliance but its disabled. So you open up the local.scv file on the gateway but this is a completely standard unedited file.
Facts and Figures
- OS/version of the client PC = Windows 10 / Windows 11
- Version of Remote Access client = It looks like this experience has been the same for years, current version 87.30.
- Exact version/JHF take level of gateway = Its been configured like this since R77 days. Current version is R81.10.
- For Endpoint/Remote Access, please include the client versions = eh?
- A simplified network diagram is always appreciated = Fairly standard Internet -> Gateway -> Internal network, not sure its required for this post.
- References to precise documentation you followed, the results you were expecting, and the results = None
- Relevant screenshots are helpful = Not sure these are too helpful at this point this is all fairly standard messages.