cancel
Showing results for 
Search instead for 
Did you mean: 

Question about the code-signing issue

tnguyendoit
Occasional Contributor

Question about the code-signing issue

Certain discussions in previous threads weren't clear to me.

 

I have a bunch of users who connect over the web, authenticate via SAML then LDAPS, then use Pulse Terminal Services Client to RDP.

 

Let's say when my existing appliances running PCS 9.1R8.2 / PCS 9.1R10 are upgraded to the 9.1R11.x FIXED RELEASE (assuming it's released tonight),

 

when a user (who's already had the older PSAL / Pulse Setup Client / Pulse Terminal Services Client installed in their Windows profile "\AppData\Roaming\Pulse Secure" previously fetched from PCS 9.1R8.2 / PCS 9.1R10) connects to the newly upgraded appliance which will be running the 9.1R11.x FIXED RELEASE:

 

---> will those existing Pulse components in the user's profile be automatically updated to a newer version of PSAL / Pulse Setup Client / Pulse Terminal Services which addressed this issue?

 

From what I see, Pulse Setup Client might be the component with the bad implementation which checked for code-signing cert expiration instead of checking whether the code signing time falls into the period for which the code-signing cert was valid.

21 REPLIES 21
scoutt
Contributor

Re: Question about the code-signing issue

In our experience after the upgrade the user with pre-existing apps installed still failed. You have to uninstall all Pulse apps to get the new PSAL to downlooad with the new cert. That is used for hostchecker as well. They all got new certs is the reason why. 

kkullot
Occasional Contributor

Re: Question about the code-signing issue

This apply to those that use the browser and the client app or just the browser?  

 

I would like to know if we can update the server to the latest version and disable auto update for the clients.  Our clients currently work using Pulse Secure app.  Its only the users that need to go to the sign in page that fail. 

Tags (2)
rvandolson
Occasional Contributor

Re: Question about the code-signing issue

We'd like to know this as well.  Awkward experience for users otherwise and very high touch for our front line support staff.

scoutt
Contributor

Re: Question about the code-signing issue

This only effects the browser login. We have users using the Client app as well and they were not affected, even after the update to R11.3 

kkullot
Occasional Contributor

Re: Question about the code-signing issue

Scoutt,

 

Let me make sure I'm understanding you correctly.  

 

You upgraded the server to the current version 9.1R11.3 and your clients did not have issues connecting?   No prompt to upgrade, nothing?   What version client are you running?  We are at 9.1.6725.   Do you have the Enable web installation and automatic upgrade of Pulse Secure clients option on or off under Maintenance\Options?  

 

 

 

 

scoutt
Contributor

Re: Question about the code-signing issue

That is correct sir. In fact, after the upgrade and because the users didn't log off like they were told, lol,  they just reconnected right back with no issues. According to the KB, Pulse Clients were not affected by the cert issue. In fact when the browser portion was down, we had clients connecting without issues. Yes that was the version we were on, 9.1.6725, now they have 9.1.8389 to upgrade to

 

Yes, the upgrade gives a new version of the client too but still that should be seemless to the user.

rvandolson
Occasional Contributor

Re: Question about the code-signing issue

I think he's stating his clients didn't have impact because they launch PDC directly rather than via the web.

 

We would like to return to allowing web access as an option, but avoid needing to manually touch or talk to 3000 users.

 

I wonder if there's a way to teach web browsers to trust the older helper components explicitly so the uninstall/upgrade process can happen automatically.

scoutt
Contributor

Re: Question about the code-signing issue

Oh no, we have couple hundred using the browser login as well. We sent an email explaining how to uninstall and what to expect when they reload. It went failry smooth but still had users that couldn't read lol.

 

But the user still has to uninstall all pulse apps from the add/remove in Win10, or they will not work.

rvandolson
Occasional Contributor

Re: Question about the code-signing issue

So did you:

  1. Upgrade PCS (appliance) to latest version
  2. Disable "auto upgrade"
  3. Instruct your clients to uninstall the helper components
  4. Instruct your clients to then reattempt connecting to the web interface so new helper components get installed

?