Pulse Secure to SRX on Win7 (win2k8R2) issues

alsoft
Regular Visitor

Cannot connect to SRX240H2 Dynamic VPN using the Pulse Secure client on Win7 or Win2k8R2 Server. MacOS, Win8.1, Win2k12R2, Win10 clients work fine.

The client shows error 1453, and the Windows system log shows Secure Channel errors (event IDs 36874, 36888, 36887). The SRX httpd log shows "httpd: 2: "Comms Error", code 550: Communications read error". The SRX is reachable and shows the dynamic VPN service page when accessed from a browser.

JunOS 12.3X48-D65.1
Pulse Secure Client 5.3r1.0-b587

Any advice on debugging this will be appreciated.

 

UPD: After digging into tcpdump I've noticed that the Pulse Secure client on Windows 7 is trying to negotiate with the SRX using TLSv1, which is disabled in the latest JunOS, then it tries to fall back to SSLv3, which Windows doesn't seem to like - in the end the connection fails. Is there any way to force Pulse Secure to use TLSv1.2 on Windows 7?

UPD2: Confirmed that the Pulse Secure client uses TLSv1.2 by default on Windows 8 and 10. Why is its behaviour so different on Windows 7 and 2008R2?

dev67
New Contributor

Re: Pulse Secure to SRX on Win7 (win2k8R2) issues

bump...

 

I think I'm having the same issue. Any help out there? 

 

Thanks

dev67
New Contributor

Re: Pulse Secure to SRX on Win7 (win2k8R2) issues

Figured it out. Check this link if you're having the same problem. 

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-s...

indyvql
Senior Member

Re: Pulse Secure to SRX on Win7 (win2k8R2) issues

Thank you for providing this information. This is a scenario that we encountered as well with an SRX220H2 on 12.3X48-D75.4 with Pulse Secure 5.1.5. In order to fix it, we followed the Microsoft article (at https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-sec...) by installing the Easy Fix file and adding the two registry keys per "Enable TLS 1.1 and 1.2 on Windows 7 at the SChannel component level" (see below).

 

For TLS 1.1
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
DWORD name: DisabledByDefault
DWORD value: 0

For TLS 1.2
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD name: DisabledByDefault
DWORD value: 0
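
The registry values listed in the reply above can be audited, and optionally set, with a short script. This is an added example, not part of the original thread or the Microsoft article; the function names and the `-Fix` switch are made up for illustration, and it assumes an elevated prompt and sticks to cmdlets available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: audit (and with -Fix, set) the SChannel client values
# quoted in the thread. Function names and -Fix are illustrative only.
param([switch]$Fix)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-TlsClientState {
    param([string]$Protocol)
    $path  = Join-Path $base "$Protocol\Client"
    $value = $null   # stays $null when the key or the value is absent
    if (Test-Path $path) {
        $prop = Get-ItemProperty -Path $path -Name DisabledByDefault -ErrorAction SilentlyContinue
        if ($prop) { $value = $prop.DisabledByDefault }
    }
    New-Object PSObject -Property @{
        Protocol          = $Protocol
        DisabledByDefault = $value
        # Only an explicit 0 matches the setting given in the thread.
        Compliant         = ($value -eq 0)
    }
}

function Set-TlsClientEnabled {
    param([string]$Protocol)
    $path = Join-Path $base "$Protocol\Client"
    # The TLS 1.1 / TLS 1.2 subkeys may not exist yet, so create them first.
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name DisabledByDefault -Value 0 `
        -PropertyType DWord -Force | Out-Null
}

foreach ($proto in 'TLS 1.1', 'TLS 1.2') {
    $state = Get-TlsClientState $proto
    if (-not $state.Compliant -and $Fix) {
        Set-TlsClientEnabled $proto
        $state = Get-TlsClientState $proto   # re-read to confirm the write
    }
    $state | Select-Object Protocol, DisabledByDefault, Compliant
}
```

Run without arguments it only reports; an empty `DisabledByDefault` column means the value is absent, which is the state in which the thread's clients failed to connect.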