Product: Access Manager – SSLVPN
Function: Client Integrity Check (CIC) policy enabled with Attribute Type as AbsoluteFile

This cool tip is tested for Internet Explorer.

Refer to the Novell Access Manager documentation for more details on how to configure CIC policy.

Configure CIC policy to check for Internet Explorer.

Click to view.

Pic 1 – Access Manager – Admin Console – SSLVPN CIC configuration screen

In some systems, Internet Explorer is upgraded to the latest version. So, when we look for version details by opening the IE browser and click on Help, it shows something like Version: 8.0.6001.18702. as shown in Pic 2. When the same version was entered under version attribute for AbsoluteFile iexpore.exe, CIC check failed during SSLVPN connection from the client’s system.

The reason was due to version mismatch. This was noticed when checking the properties for iexplore.exe under C:\WINDOWS\IE8. Here the file version is displayed as 6.0.2900.5512 and value is shown as 6.00.2900.5512. Tried entering these numbers under version as shown in Pic 1, and found CIC check is passed.

Click to view.

Pic 2 – Client system’s IE versions showing different version numbers

So, if CIC check fails, it could have been due to a few system errors as noticed above. Ensure the details supplied are correct in order to pass through the policy checks configured for SSLVPN.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
Jan 4, 2012
12:04 pm