cancel
Showing results for 
Search instead for 
Did you mean: 

Preconfigured connections occasionally disappear when connecting

Vini_
New Contributor

Preconfigured connections occasionally disappear when connecting

We've rolled out Junos Pulse Secure 5.1.3 (55871) client via SCCM, using a preconfiguration file which contains 6 connections.

Occasionally, when a user connects to one of these preconfigured connections, the other connections seem to get erased. This behavious is hit and miss and cannot always be replicated.

Any ideas?

3 REPLIES 3
Kita_
Valued Contributor

Re: Preconfigured connections occasionally disappear when connecting

In the preconfiguration file, there are two GUIDs (ive and the server-id).  The server-id GUID ties the connection to a specific SA device.  The ive GUID is the identifier of the connection.

 

ive "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx" {
connection-policy-override: "true"
connection-source: "preconfig"
friendly-name: "connection-name"
guid: "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
server-id: "xxxxxxxxxx-2363-4810-b43a-2f510a3d5028"
uri: "xxxxx.juniper.net"
version: "2"
}

 

When Pulse connects to a SA device, it will confirm if the server-id matches or not.  If it does match, it will validate all ive guid stored on the device.  Any matching GUID will be updated.  Any mismatching GUID will be removed.  If the server-id does not match, it does not update any of the ive connections on the Pulse client.

 

Note:  If a connection is manually created, these will not be removed as there will be no ive GUID tied to these connections.

Vini_
New Contributor

Re: Preconfigured connections occasionally disappear when connecting

Ok, the preconfig file I have shows 6 connections, each with a matching ive/server-id. This preconfig was ONLY created on one SA. Are you saying I need to mirror these settings on the other SAs?

schema version {     version: "1" }  machine settings {     version: "37"     guid: "6445eb2b-5c4e-47e1-9ccd-f805f87cdb74"     connection-source: "preconfig"     server-id: "1234567890ABCDEFGH"     allow-save: "true"     user-connection: "true"     splashscreen-display: "false"     dynamic-trust: "true"     dynamic-connection: "true"     FIPSClient: "false"     wireless-suppression: "false" }  ive "49fd1459-909d-46fc-b979-60173ebee09e" {     friendly-name: "helloworld"     version: "8"     guid: "49fd1459-909d-46fc-b979-60173ebee09e"     server-id: "1234567890ABCDEFGH"     connection-source: "preconfig"     factory-default: "true"     uri: "vpn.helloworld.com"     connection-policy-override: "true"     use-for-secure-meetings: "false"     use-for-connect: "true"     connection-identity: "user"     client-certificate-location-system: "false" }  ive "0f877c87-209d-417c-9cf7-66aab4a43ff9" {     friendly-name: "helloworld (ams)"     version: "4"     guid: "0f877c87-209d-417c-9cf7-66aab4a43ff9"     server-id: "1234567890ABCDEFGH"     connection-source: "preconfig"     connection-policy-override: "true"     use-for-secure-meetings: "false"     use-for-connect: "true"     this-server: "false"     uri: "ams.helloworld.com"     connection-identity: "user"     client-certificate-location-system: "false" }  ive "f791ef4b-5275-4c54-ace7-d95b27ed2be7" {     friendly-name: "helloworld (clj)"     version: "5"     guid: "f791ef4b-5275-4c54-ace7-d95b27ed2be7"     server-id: "1234567890ABCDEFGH"     connection-source: "preconfig"     connection-policy-override: "true"     use-for-secure-meetings: "false"     use-for-connect: "true"     this-server: "false"     uri: "clj.helloworld.com"     connection-identity: "user"     client-certificate-location-system: "false" }  ive "1011b646-8060-448d-b84e-57717de6284b" {     friendly-name: "helloworld (bld)"     version: "4"     guid: "1011b646-8060-448d-b84e-57717de6284b"     server-id: "1234567890ABCDEFGH"     connection-source: "preconfig"     connection-policy-override: "true"     use-for-secure-meetings: "false"     use-for-connect: "true"     this-server: "false"     uri: "bld.helloworld.com"     connection-identity: "user"     client-certificate-location-system: "false" }  ive "af7d1188-882a-461c-b683-c8b48d395555" {     friendly-name: "helloworld (tky)"     version: "3"     guid: "af7d1188-882a-461c-b683-c8b48d395555"     server-id: "1234567890ABCDEFGH"     connection-source: "preconfig"     connection-policy-override: "true"     use-for-secure-meetings: "false"     use-for-connect: "true"     this-server: "false"     uri: "tky.helloworld.com"     connection-identity: "user"     client-certificate-location-system: "false" }
Kita_
Valued Contributor

Re: Preconfigured connections occasionally disappear when connecting

Yes.  All devices should have the same configuration.  To ensure this is correct, you will want to perform a XML export of the Pulse connection sets and import this file to all other SA devices in your environment.  This will ensure all devices have the same ive/server-id and avoid any conflicts.