cancel
Showing results for 
Search instead for 
Did you mean: 

Question about the code-signing issue

jordanl17
Contributor

Re: Question about the code-signing issue

Tom, I'm waiting to see your results, please post back.   We are a smaller company that yours, but I don't want to break existing people who have the Pulse client actually working.    It seems like there isn't a new Pulse Client with 9.1r11.3, so maybe just the other components get an upgrade, and if users are connecting directy from client then they don't see the upgrade prompt....    

tom.mccomb@cardworks.com
Occasional Contributor

Re: Question about the code-signing issue

Evening all,

 

We just finished the upgrading the appliance and I wanted to document my steps.  We were able to upgrade the appliance, uninstall the apps, reinstall the new Pulse Secure Application Launcher without needing to elevate admin priveleges against multiple test devices.  I need to redact some information and I can't send any screenshots for compliance reasons but I hope this helps.

 

  • Backed up configuration/user files for out for node1 and node2
  • Backed up the user/event logs.
  • Dumped these log files to speed up the install process.
  • Disabled the “Enable web installation and automatic upgrade of Pulse Secure clients” (Maintenance -> System -> Options)  **Pulse highly recommended this and I think this is pretty critical**
  • Upgraded node1 first, then node2 was automatically updated as usual.
  • We created a message on the login page that pointed users to the UninstallPulseComponents_v2.exe provided by Pulse PRIOR to logging in.
  • After logging in we clicked on the Terminal Services link and we were prompted to download the Pulse Secure Application Launcher (the screen with the big download button.) (At this point the tests we did none of these users were admins on the machine.)
  • We downloaded and ran the installer and we were not prompted for UAC or admin credentials.
  • Test accounts and users were able to then successfully login.

We did have one finding for users who use the Pulse Secure application on a Chromebook.  The role we were testing on had Split Tunneling enabled but for some reason I could not perform nslookups for my PC name.  I could connect to it direct by IP but hostname look ups failed.  I removed Split Tunneling from this profile and then things worked correctly.  Thsi configuration was UNCHANGED prior to upgrading through and the split tunneling networks were properly defined.  Maybe something with our CB setup or CB in general but they are a small fraction of our populace.  Once I did that connectivity restored.

 

I think the BIG thing is to disable the web installation and automatic upgrade of Pulse Secure clients.  I am calling it a night though.  Good luck everyone.