We've deployed many modern versions.

I'd say about 25% of people have some kind of problem and call our help-desk. That's A-LOT of calls for us. You dont get calls ? What are we doing wrong ? We get lots of 23791's on upgrades and lots of other weird stuff. Sometimes fully uninstalling all previous versions and reinstalling the new one works.. Sometimes it doesnt.

A slow roll-out would be best for us but with a clientless system this isnt possible. It's a one time forklift upgrade and it hurts us everytime.

Ben , that is exactly what I need.. Are you saying this is possible ?

Thanks,

Justin

I think unfortunately not. I just saw this button for HostChecker.

But that's what I'd need to think a bout deploying NC as solution vs. our current IPSec solution.

But how about an RFE?

I mean eventhough there may be changes on the NC client in a newer IVE OS (that may be just upgraded because you need a fix in your webrewriter while NC is working fine for you), why shall I change the NC client if it is running fine for me?
I do not need to ugprade my IPSec VPN Client when upgrading the OS of my central IPSec inftrastructure...

I've been managing a group of IVE's for about 3 years now and I've seen my fair share of problems... but rarely with upgrading Network Connect and I try to keep very current with the versioning (most IVE's running 6.0R5 right now, others newer).

One thing I'd recommend although it may not be possible is if you have a LAB/Development IVE you could upgrade it to the newer version, then pull off a copy of the Network Connect installer and manually push that out in your environment before upgrading production. If you're a bold individual and have no Development IVE but do have set downtime, you could upgrade the IVE, download the installers, then rollback the IVE without anyone noticing

That may be a stop-gap solution, but really you need to dig deeper into why this is happening at all to you. My environment uses NC extensively for years and I've only had issues with on occassion with getting NC on a new PC; never anything you mention. Do your users have admin rights on their PC's? If not have you tried pushing out the Installer Service first? What version of the IVE are you running?

In Prod I have 6.0R3.1 (build 12507)

In Dev, 6.0R4-2 (build 12875)

Your idea about pre-upgrading clients sounds good.. but the problem with that is,once that client realizes the IVE is on backleveled code, he will downgrade himself. (unless I am completely mistaken but I am pretty sure this is how that works. )

I have 2000+ true remotes and like I said the fork-lift upgrade results in about 200 calls.

Justin

6.0R4.2 isn't a very good release... 6.0R5 is by far the stablist of the 6.0's so I'd recommend having that in development at least.

I'm not exactly sure about the different versions... I know that major revision changes (6.0R5 vs 6.1R2) will show up as separate instances on your PC, but between revisions of a major release I'm not sure. Would be something easy to test in your lab, though

It does revert back to the previous version if you downgrade the NAS. The code versions arent my issue, its the upgrade process. I hope Juniper is working on a way to run different versions of client and server as that would solve many of my issues. We'd be able to stagger the upgrade process and therefore limit calls to the Help-Desk.