Certain discussions in previous threads weren't clear to me.
I have a bunch of users who connect over the web, authenticate via SAML then LDAPS, then use Pulse Terminal Services Client to RDP.
Let's say when my existing appliances running PCS 9.1R8.2 / PCS 9.1R10 are upgraded to the 9.1R11.x FIXED RELEASE (assuming it's released tonight),
when a user (who's already had the older PSAL / Pulse Setup Client / Pulse Terminal Services Client installed in their Windows profile "\AppData\Roaming\Pulse Secure" previously fetched from PCS 9.1R8.2 / PCS 9.1R10) connects to the newly upgraded appliance which will be running the 9.1R11.x FIXED RELEASE:
---> will those existing Pulse components in the user's profile be automatically updated to a newer version of PSAL / Pulse Setup Client / Pulse Terminal Services which addressed this issue?
From what I see, Pulse Setup Client might be the component with the bad implementation which checked for code-signing cert expiration instead of checking whether the code signing time falls into the period for which the code-signing cert was valid.
In our experience after the upgrade the user with pre-existing apps installed still failed. You have to uninstall all Pulse apps to get the new PSAL to downlooad with the new cert. That is used for hostchecker as well. They all got new certs is the reason why.
This apply to those that use the browser and the client app or just the browser?
I would like to know if we can update the server to the latest version and disable auto update for the clients. Our clients currently work using Pulse Secure app. Its only the users that need to go to the sign in page that fail.
Let me make sure I'm understanding you correctly.
You upgraded the server to the current version 9.1R11.3 and your clients did not have issues connecting? No prompt to upgrade, nothing? What version client are you running? We are at 9.1.6725. Do you have the Enable web installation and automatic upgrade of Pulse Secure clients option on or off under Maintenance\Options?
That is correct sir. In fact, after the upgrade and because the users didn't log off like they were told, lol, they just reconnected right back with no issues. According to the KB, Pulse Clients were not affected by the cert issue. In fact when the browser portion was down, we had clients connecting without issues. Yes that was the version we were on, 9.1.6725, now they have 9.1.8389 to upgrade to
Yes, the upgrade gives a new version of the client too but still that should be seemless to the user.
I think he's stating his clients didn't have impact because they launch PDC directly rather than via the web.
We would like to return to allowing web access as an option, but avoid needing to manually touch or talk to 3000 users.
I wonder if there's a way to teach web browsers to trust the older helper components explicitly so the uninstall/upgrade process can happen automatically.
Oh no, we have couple hundred using the browser login as well. We sent an email explaining how to uninstall and what to expect when they reload. It went failry smooth but still had users that couldn't read lol.
But the user still has to uninstall all pulse apps from the add/remove in Win10, or they will not work.
So did you: