Allow agent: Logon denied due to validation error, Error Code: 3003 (No Network Access resource assigned)
We have one F5 SSL VPN user who is having his second round of trouble getting logged in.
We use LDAP to query AD for group membership, and allow access based on that.
the most relevant error I see in the Access Policy report is this: Allow agent: Logon denied due to validation error, Error Code: 3003 (No Network Access resource assigned)
The first time this happed to the user, we tried a number of different things. Working off a theory that the user's Active Directory account was somehow implicated, I copied his AD account and tried to log in with that. That failed, so simply copying the account didn't fix the issue. Next, I tried creating a completely new AD account with the right permissions and group memberships. When I tested that, it was able to successfully connect via the SSL VPN. The user who's having the problem tried the new account and was able to get in as well.
Now after about 4 weeks, he's reporting the same issue with the new account, and when I look, the line I pasted appears in each session report.
I've searched for info on this in askF5, but my searches aren't returning helpful hits.
I'd appreciate it if anyone solved similar situations can share the knowledge.
Of course, there's always the old standby, Open a case with F5....