Exactly what does this setting do?
Users > Roles > "RoleName" > Network Connect > Options > Other Options > "NC Client Check"
Tried to search for info in the admin guide, kb, ect, but can find anything.
Solved! Go to Solution.
NC Client Check is to check the integrity of Network Connect client components prior to starting a Network Connect tunnel.
if intergrity check fails you will be prompted with error 23787 - Cannot start the Network Connect service. Please re-install network Connect.Ó
I still don't get it though.
Is it just to make sure they get a failure notice before it fails?
I would think that a failure would also indicate a problem : )
We have a user that is having a script problem after an upgrade from 7.0 to 7.1 now, and they have been told to re-install.
I think I'll tick the "NC Client Check" box and see if it helps.
This is just like a client side security check.
When this option is enabled, NC UI will verify the digital signature of the service binary.
JIS must be installed if user doesnÕt have admin privilege as this process involves service restarting.
Hope the above helps
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks
Yeah, it all helpful at this point.
I hate to be soo slow, but I'm just trying to fully understand the option.
So I guess you would elect to check this option if you want to avoid the possibility of a client connecting, and setting up a tunnel, with altered, or tampered, Network Connect files.
Really appreciate the post!
I appreciate your response and yes, your understanding is correct now. I am happy that I could help you, but I am trying to understand why wouldn't this solution get an approval from you.
Well, to add more value and with intention to help you understand this option better, I have included more detail on this - Could you please mark "accepted solution" if this did help you this time?
- The binary mentioned above can be tampered by hackerÕs using their own tools to inject their own code on the
.exe to function different other than the way intended by Juniper Networks.
- To avoid this tampering, we now sign the binary using code signing certificateÓ
- This means, we have the signature of the binary and we generate a hash valueÓ for the binary and store on the
- This way, anybody who wants to tamper our binary, needs the private key we generated as well.
- Now, when we enable NC Client Check, the service binary (dsNCService.exe) is verified by the Network
- This way, we know that the service is not tampered.
- If a service is already started and is on the system, then the client is expected to verify the serviceÓ which
means, verify the digital signature and later stop and restart the service.
- When in this case of stopping and restarting the service, we would need administrator privilege or JIS
installed on the client machine.
Now 'that' I accept as a solution!
While the other posts were helpful, I still didnÕt have the full picture.
I do now.
IÕm Slow, but thoroughÉThank you very much.