A couple of weeks again I upgraded our SA 4000 system software from 5.5R1 (build 11711) to 6.3R1-2 (build 13619). Ever since the upgrade I've had one set of (important) remote users that seem to be having problems signining into the VPN. It seems that the Helper Service and Cache Cleaner are simply not installing or upgrading since the upgrade when they attempt to login. A policy trace show the roles are matching okay, but the cache cleaner is not running:
Realm XXXXX Users mapped user XXXXX\XXXXX to roles XXXXX
Cache Cleaner restriction check failed for role XXXXX
All roles restricted
Sign-in rejected. Reason: NoRoles
However, when I go and visit these users and try my login everything, the Helper Service and Cache Cleaner, run and install as expected. This would suggested that something about my role (which is different from theirs) is somehow doing something different, but I am unable to find out what. This is most frustrating as the only way I can get these remote users working is by loggiing from their PCs which is not very pratical.
I've run into this problem with some of our users as well. The solutions have varied so I'll list the solutions that have worked for us.
1. Watch the firewall for blocks of the upgraded components.
2. Remove the Juniper addon plugin from IE 7.x (Tools|Manage Addons|Add-ons that have been used by IE)
3. Delete Cookies in IE 7.x and close the browser.
4. Uninstall all Juniper apps from add/remove programs in the Control Panel.
In solutions 2 - 4 when the user tries again the required plugin/cookie/software is redownloaded and installed. These are not steps taken in order, some worked for some users and other steps worked for other users.