I'm very new into researching this but I've gotten many new cases about drops after the upgrade.
Anyone experience the same thing ?
Solved! Go to Solution.
This worked. I told my tech and he was able to locate a desciption of a similar problem somewhere. The problem is our IPSEC keys are good for 8-hours. We do this for a variety of reasons but will probably lower it now. Control-data now flows over NCP (SSL). This must have changed somewhere between versions 6.0R7 and and 6.5R3.1. Well, this control data is limited to the timeout you set under Configuration, NCP. (I dont know why. I personally dont think control-data should ever time-out until the session is closed.) In short The NCP Timeout value has to be greater then the key exchange time. I see this as a bug.
Whatever, it's fixed.
When you say drops, can you be a bit more specific? Is it the SSL dropping, SAM, Network Connect?
Normally after an upgrade, if users are experiencing any connectivity issues, clean the cache and uninstall the Juniper apps from Add/Remove programs.
Network Connect. We are doing uninstall/reinstalls. So far we're not sure if this is resolving the issue.
Just some more information:
It appears that reinstalls are not fixing all the issues.
2 users state it looks like the network cable has been unplugged, but it hasnt.
I then get an error in the event log which states: the IP Address lease x.x.x.x for the Network Card with network address 00FF98CCXXXX has been denied by the DHCP server 10.200.200.200 (The Server sent a DHCPNACK message.)
I also have a report of a user who cannot 'Log Off'.
ncp_dsssl.cpp:803 - 'DSSSL_recv' returned 0x2746 error.
'ncphandler' control channel disconnected due to error 2746
session.cpp:552 - 'session' reconnecting attempts = 1
- then a whole bunch of RMON statements like this:
'rmon' interface 0x00000003 has address 0.0.0.0
'rmon' interface 0x00000001 has address 127.0.0.1
'rmon' Failed to find a route for xxx.xxx.xxx.xxx
session' reconnect period to ive xxxxx.xxx.com expired
'session' disconnecting from ive xxx.xxx.com with reason 6
Sorry to keep posting this out here but JTAC level 1 is not helping. They wont call me back until after I leave for the day. They promise you a call in 1 hour and then dont call. This is a interesting game they play.
Your best bet would be JTAC. If you are not getting the help you need with Level 1 ask them to escalate the case. If they give you issues with this, speak to a manager. If this doesn't work, call the JTAC support number, select the option for Customer Service and explain the situation. No reason why you should not get the proper help you need via JTAC.
Thanks for the reply. I am working with JTAC. I'm documenting my experience. In short, it's not good. I was promised calls by specific times twice and never received calls.
I finally got my case escalated but my senior technician is on Pacific Standard Time. That means he wont be in for 3 more hours. I guess Juniper has no East Coast second level support.
I've done the Customer Service thing before as well. It worked a few years ago, but when I did this 6 months ago, the person told me they could not escalate cases.
Users also complain of "Network Cable Unplugged errors" when the cable is not unplugged.
JTAC says Mcafee is causing the problem. I dont see how that can be.
Have you tried to disable McAfee to test JTAC's theory?
Contact your local Juniper REP and let them know of the issues with JTAC. Hopefully you can get someone on your timezone that can help.
Not Mcafee. We've confirmed. I have a East Coast Rep but he never called me back.