rswinter, a few years ago JTAC provided a deep clean procedure for the Juniper SSL VPN components. I reworked it a bit into a step by step process for our help desk and they've been using it with great success.

The following process assumes Win 7 and a recent version of IE.

1. Navigate to Control Panel > Programs > Programs and Features > Uninstall a Program.


2. Remove all Juniper applications listed in this section.


3. Close all Internet Explorer windows.


4. Navigate to the Control Panel > Internet Options.


5. On the General tab, under Browsing History, click the Delete button.


6. Check ALL boxes except “Preserve Favorites website data”.  This one must be unchecked.  Click the Delete button.


7. Click on the Programs tab and under Manage Browser add-ons, click on the Manage Browser add-ons button.


8. On the Left side, under Show, click the down arrow and choose All add-ons.


9. If a Juniper add-on is present, remove it by selecting it, then click on More Information and click on the Remove button.  When complete, click Close.


10.  Click on the Advanced tab.


11.  Click on the Reset button to reset IE to its default settings.


12.  Close Internet Properties and the Control Panel.


13.  Navigate to c:\Users\[username]\AppData\Roaming  (Note that the AppData folder is a hidden folder.)


14.  Delete the Juniper Networks folder and its contents.


15.  Delete all files and folders from %systemroot%\prefetch .


16.  Delete all file and folders from %temp% .


17.  Reboot the computer.


18.  Reinstall the Juniper software / log into the VPN.

For XP change step 13 to "Browse to C:\Documents and Settings\[username]\Application Data "

Note that the original procedure from JTAC also included the removal of Juniper registry keys. Their location can be found in the client side changes guide: http://www.juniper.net/techpubs/software/ive/admin/j-sa-sslvpn-7.4-clientsidechanges.pdf. I've only found it necessary to delete the registry keys once in three years so I don't have it in our procedure any longer.

Use this procedure with care. It resets a user's browser to the defaults which can have unintended consequences.

Good luck.

The users are not able to install Host Checker.  Normally it just sits there for a while, sometimes they get the error that host checker didn't install properly.  I'm guessing it's a Browser/Java issue specific to their machine, as some people running the same versions are able to install it just fine...

I believe our Help Desk is also sending out the Host Check Install file as well to these problem people.  I haven't heard anything lately about it, so whatever they are doing must be working...

The only downside I am aware of based on our testing is NC (and Pulse's) inability to invoke a custom defender.thtml. While a non issue in most use cases, it impacts our ability to utilize RSA Adaptive Auth solution. This particular problem was a show stopper for us, but absent adaptive auth problems, it seemed to work ok.

Not sure how you are completing the login through the Network Connect application as it expects to make a VPN tunnel; however, it is theoretically possible to work.

what is the behavior you see when you connect through the browser on these failing machines?