We recently upgraded to 7.3R5 and we've had a number of people have a huge problem with loadng host checker... Most of them are ok once all the OLD version of the Juniper Apps are uninstalled, but a few can't get host checker to install no matter what our help desk tries...
One of our help-desk reps then tried givng the remote agent the NetConnect client. We don't use NetConnect at all on these boxes and the only thing in the profile is a couple RDP shoutcuts... But, the people he has tried have had sucess using the netconnect client to login instead of their Broswer.
Has anyone tried this before? Any downsides? It seems to fix any incompatabilites they may have browser-wise or anyhting else, but wanted to see if anyone else uses the Netconnect EXE for non-netconnect connections...
rswinter, a few years ago JTAC provided a deep clean procedure for the Juniper SSL VPN components. I reworked it a bit into a step by step process for our help desk and they've been using it with great success.
The following process assumes Win 7 and a recent version of IE.
For XP change step 13 to "Browse to C:\Documents and Settings\[username]\Application Data "
Note that the original procedure from JTAC also included the removal of Juniper registry keys. Their location can be found in the client side changes guide: http://www.juniper.net/techpubs/software/ive/admin
Use this procedure with care. It resets a user's browser to the defaults which can have unintended consequences.
The users are not able to install Host Checker. Normally it just sits there for a while, sometimes they get the error that host checker didn't install properly. I'm guessing it's a Browser/Java issue specific to their machine, as some people running the same versions are able to install it just fine...
I believe our Help Desk is also sending out the Host Check Install file as well to these problem people. I haven't heard anything lately about it, so whatever they are doing must be working...
The only downside I am aware of based on our testing is NC (and Pulse's) inability to invoke a custom defender.thtml. While a non issue in most use cases, it impacts our ability to utilize RSA Adaptive Auth solution. This particular problem was a show stopper for us, but absent adaptive auth problems, it seemed to work ok.
Not sure how you are completing the login through the Network Connect application as it expects to make a VPN tunnel; however, it is theoretically possible to work.
what is the behavior you see when you connect through the browser on these failing machines?