Have any of you seen any issues with SSL VPN release 6.5Rx and Symantec Endpoint Protection on Windows XP machines?. We've been having issues where the new Network Connect client won't install or won't start if it was pre-installed. Typically we'll get a nc.windows.app.23712 or 23704 on the client side. Now, this doesn't happen on every system, only around 10% of our NC client base
I opened a case with JTAC and after looking at the client side logs, they told me that the Juniper Network Connect "Teefer2" miniport driver (installed by SEP11) seen in Device Manager needs to be disabled. Once disabled the clients can connect. This seems to be a fix for users who are admin users but the non-admin users who are telecommuters are stuck and non-working.
I've upgraded a test appliance to 6.5R3.1 build 15255 that didn't fix the Teefer2 problem and we upgraded it to 6.5R4 build 15551 that didn't fix it either.
we use SEP11.0.5002 without NAC and had no problems with 6.5R3.1 and 6.5R4.
The "Teefer2 Miniport" network adapter is in normal device-manager view not visible, only if I enable "display hidden devices" (or what it might be called in the englisch Windows XP).
We do not have any software or device usage restrictions defined in SEP. Only virus/spyware, network and proactive protection is enabled.
It might be woth checking your SEP policies if not already done.
Our SEP management team opened a case with Symantec two days back. They found out that they're aware of the teefer2 miniport driver causing issues with various VPN products. We haven't been able to find out exactly what combo of software on the client machine causes the teefer2 to break NC but we do know that in every instance, disabling the teefer2 miniport driver fixes the broken client machine.
We run SEP 11.0.5 and Symantec told us that this problem is fixed in 11.0.6.
We have started to experience similar issues after upgrading to 6.5r6. We have a mix of Symantec 11.0 4 - 11.0.6 clients. So far our primary issues are that remotely connected clients are having difficulty accessing resources on the corporate network... file shares, things like that. I don't think it's fixed in 11.0.6. We have to have clients disable the Symantec firewall to get any work done.
Anyone come up with a better work around? I don't think it's Symantec firewall policy related because I've been trying all kinds of things, short of opening it wide open.