Hi, i had a similar problem with MacOC 10.8.2 with Junos pulse 4.0 and authentication: cert+AD.
We have machine certificates on client (stored in system.keychain on MacOS while it seems that Pulse only checks login.keychain and since it founds nothing in it it says "missing or invalid certificate".
Moving certificate from system.keychain to login.keychain everything is ok.
The problem is that it's a machine certificate, not a user certificate so for us is not possible to go that way. With network connect client everything is OK.
We have a same problem with Junos Pulse and OSX Mountain Lion, when the certificate is on System side the Junos cans see the certificate and when we are moving the certificate in to Login side the Pulse sees the certificate but we have a security risk that certificate can be exported from the user?