download in the KB article!

Appears we are having a disconnect with what you said in this thread.  User intervention WILL be required.  500+ machines that are unable to connect back home are going to need us to locally connect.

General Guidelines to install the fix :
The solution would involve upgrading the PCS server as well as clearing the older Pulse Secure components on the End-User devices
Note - End-Users who do not have any Pulse Secure components already installed, can skip Step # 2.

2. The End User devices that have Pulse Secure components already installed would need to follow one of the two methods outlined below:
Run the attached BAT Script (UninstallPSALAndPSC.bat).
Note - This would need End-users to have admin privileges.
Manually remove PSAL and Setup Client components,
a. Navigate to Control Panel -> Programs and Features
b Select “Pulse Application Launcher”
c. Right Click and Uninstall.
d. Select “Pulse Secure Setup Client”
e. Right Click and Uninstall.

3. Once, Step # 2 is completed, the End-Users should be able to successfully connect to the new PCS version

They really managed to not only have a very long **bleep**up, but not provide a good fix, but let us admins have to clear every client, aswell. That is maybe even worse... so, you want to discontinue your product I understand?

And on top, please be aware that your batch script for removing PulseSecure is wrong and won't work anywhere as intended (so you didn't even test it, right?), because:

rmdir /s /q "%AppData%\Roaming\Pulse Secure\PSAL\"

the variable %AppData% already includes the Roaming folder.

Guys, so many ways to **bleep** this up even more and you chose all of them.

A really disappointed (hopefully soon ex-)customer.

Update: and as I see now, the batch makes the VPN work again as the Application Launcher is deinstalled, but i.e. the Terminal Services Client is not, so this is only a partial fix, RDP is still broken if you go the way the KB tells you.

Dear pulsesecure, you really should hire someone who understands IT, please. Not for 5 bucks per hour, please. On the other hand, yes, maybe it's too late already. You really messed this up big time.

Most of our Customer work via Fullconnect/Splittunnel, are they still working after deployment of the fix?
Or will they get stuck while update?

We are bit afraid of deploying the fix and destroy about 300 Fullconnect-Tunnels.

After the appliance is upgraded to 9.1R11.3 (fixed release), each user who's already had the pre-April 12 PSAL / Pulse Setup Client / Host Checker / Pulse Terminal already installed in their Windows profile will need to do the following:

As the affected user, open Control Panel ---> Programs and Features

Uninstall the following:

Pulse Application Launcher
Pulse Secure Host Checker
Pulse Secure Setup Client
Pulse Secure Terminal Services Client

(all the above were installed under the user's security context into their profile's "\AppData\Roaming\Pulse Secure", so they need to be uninstalled by the user)

then the user needs to open the browser again, hit the appropriate Sign-In URL for the appliance's applicable authentication realm, then go through the authentication process and:

a) download and install the new Pulse Secure Application Launcher (PSAL) from the newly upgraded Pulse appliance
b) ---> PSAL will invoke the installation of new/fixed Pulse Setup Client and its files (require local admin priveleges, user might be prompted for local admin credentials if the correct Pulse Secure Setup Client Activex Control / 64-bit Activex Control had not already been installed previously)
c) ---> Pulse Setup Client will download and install the new/fixed Host Checker

Once passed host checking, user should click on the link under "Terminal Sessions" so that PSAL can invoke Pulse Setup Client to install the new/fixed Pulse Secure Terminal Services Client

Truly a pain...

my question is:   I have a bunch of Windows users who never needed any help, their connections continue to work.  BUT if I just install 9.1r11.3 will it break the current working users??????!!!

Hi jordanl17

Is your appliance running a PCS release older than 9.1R8?  Appliances running releases earlier than 9.1R8 (e.g. 8.3R7.1, 9.0R4, 9.1R3, etc) are not affected.  Appliances set up to use Guacamole HTML5 Remote Desktop (instead of Pulse Terminal Services) WITHOUT Host Checking are not affected.

I have no clue about your case, since EXTERNAL Host Checker, Terminal Services, etc all broke for 13 of my appliances running 9.1R8.2, 9.1R10, 9.1R11, etc. I'm not sure how Host Checker or Pulse TS is working for your users if your 9.1R8+ appliance is set up to do Host Checking.

Eventually you will need to upgrade the affected appliance to 9.1R11.3 anyhow to fix this issuefor the long run.  I can't really say whether it will break your users.

Hello,

migrate from PCS release 9.1R11.1 to 9.1R11.3. 

HTML5 Remote Desktop sessions are working well with both.

Terminal services Remote Desktop are broken with both, even after done the pulse component manual removal on client.