Are you Experiencing Trouble Logging In or Staying Logged In?
Who Should Read: This document is written for campus help desk personnel who are trying to help users with a 604010 error.
On Sept 7, 2008, UCLA implemented a security measure in its web single sign-on service (ISIS) to protect the community from identity theft. This change protects an individual's authenticated web sessions by periodically verifying that her internet address, or "IP address", remains consistent. Shifting address is a potential sign that a hacker may have comprised your session and is accessing resources using your credentials from a different location.
However, some ISPs such as AOL serve user sessoins using pooled IP addresses. This practice, along with some alternate network configurations, may cause an individual's address to change when visiting web sites, thus causing the single sign-on session to terminate. To make sure that your address doesn't change, VPN to the UCLA network. Download the VPN software, if you do not already have it. Then follow these instructions for Windows XP. Other platforms are nearly identical. Please make sure to close and restart your browser after making the VPN connection.
If you are unable to VPN, please contact the IAMUCLA team at iamucla at ucla.edu. Be sure to include the following information in your email:
- Your Logon ID (DO NOT send password. A legitimate support organization will never ask you for your password.)
- Application you wanted to sign in to
- The approximate time you encountered the error
- Your location (home, office, etc.)
- If you have the information, which browser you used.
- If you have it, a screen capture of the error message
Mednet distributes two types of VPN client profiles: "Remote" and "Wireless". The "Remote" profile is configured to perform split source-routing, while the "Wireless" profile routes all user traffic through the mednet network.
It appears that the split routing configuration is considering the Business & Adminstartion network (149.142.49.x) to be part of the mednet space, and routes user traffic to the B&A network via mednet. At the same time, it sends traffic to AIS via the regular public network.
Mednet's instruction is to ask users to have their support IT staffs provide the Mednet "Wireless" pcf file and use it instead of remote file. The profiles are distributed to local IT staff every 6 months, and are only available through them.
UCLA is committed to securing and protecting our online resources. We realize this change may cause an inconvenience and we'll do our best to resolve your issues in a timely manner. We appreciate your understanding and patience.
Download the Bruin Online VPN Software
Original posting on reinstating the IP Checking Rule
Guide for Campus Help Desks
Developer's Guide to Handling 604010 Errors (for campus technical support staff)