From time to time, I'm running with the following problem with Junos Pulse client:
The end-user is able to open an HTTPS session towards the SA/SSL VPN gateway, then launches Junos Pulse but can't establish the VPN session and receive the following error message:
Unable to communicate with the server. (Error:1110)
The server canÕt respond to Juniper networking requests. This could be due to the server being down, or connecting to a server thatÕs not Juniper server. If this condition persists, please contact your administrator.
I've been working on a JTAC case but I've got the feeling it goes nowhere and none can tell me what is behind this error code 1110. We're only using SA/SSL VPN product, SRX or UAC aren't involved.
I've got the feeling the problem is due to lack of communication between the Junos Pulse client and other components on the end point but I haven't been able to up to date information on this assumption.
The VPN connection profile is configured for both ESP and SSL fallback and also has the "Preserved client-side proxy settings" option enabled.
Unfortunately, I can't reproduce the problem myself and I really can't figure out why the end-user is able to open an HTTPS session but not an SSL VPN tunnel towards the same SSL VPN gateway.
Maybe some of you have an idea on what could cause this behavior? Thank you.
User must be having a pac file in the browser.
The initial https connection must be going via proxy(wireshark can confirm)
Pulse tries direct and then proxy, so it must have tried proxy provided user do not hav direct connection to SA/MAG.
Pulse 3.1 and above connects fina via pac file on client browser.
What version of client is user using?
Thank you for your answer.
I've no control on the end-user environment, that is why my configuration preserves client side proxy settings.
End-users are using 3.1R5 and download the client directly from SSL VPN gateway.
I do really have the feeling that the problem is due to communication error on the end-point itself but I've not been able to assess the exact requirements. It looks like that those for NC aren't the same as those for Pulse.
looked at debug log, pulse tries to connect direct ad there is no direct ISP connection to the SA/MAG URL so it tries to connect via proxy configured in user's browser and that fails too.
'iveConnectionMethod' Unable to connect directly, scheduling via proxy
'iftProvider' requested connect by proxy, but couldn't get proxy settings. Error 0x80004005
We do not support wpad scripts, could you find out what proxy settings are there in the browser of these user?
I'll try to gather the information, however, this might take some time.
I'm suprised, we're able to make this setup working if we do use Network Connect, is this something that is currently not implemented on Junos Pulse?