- Pulse Secure Community
- :
- About SF_Dan_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
SF_Dan_
Frequent Contributor
75
Posts
0
Kudos
2
Solutions
08-21-2014
12:47:PM
perfect! Thanks
... View more
08-21-2014
12:30:PM
I have a scenario where 50+ laptops are being imaged from 1 image that has the pulse client installed. They are NOT sysprepping these images (against my recommendation) and what is happening is 1 of the systems can use the Pulse client to connect but the moment someone else connects using another one of the imaged laptops it kicks the previous person off. Nothing shows up in the SA logs but there are a few entries in the Windows logs: Event ID: 308 Source: IVE The server disconnected connection Lincoln VPN (ID 3c69ae7e-1064-421a-acff-d52de0188bb6) Reason (6): agentd error Server detected error. Peer address: xxx.xxx.xxx.xxx Event ID 307 Source: IVE The connection Lincoln VPN (ID 3c69ae7e-1064-421a-acff-d52de0188bb6) encountered an error: Network error. System error (10054):An existing connection was forcibly closed by the remote host. Peer address: xxx.xxx.xxx.xxx Anyone run into this or know what is happening? Thanks, Dan
... View more
07-02-2014
08:44:AM
yes, I have a lab SA2500 I can test with. I see that 5.0R5 just came out so I am going to try and test going from 5.0R4.1 to 5.0R5. I will install the 5.0R4.1 client with SCCM and see if the web upgrade works
... View more
07-02-2014
08:35:AM
How did you test the upgrade? I tested numerous times on my lab appliance and if I install the 3.0 pulse client using the web install it then upgrades to 5.0 fine, it is when I install the client with SCCM that it will not upgrade.
... View more
06-30-2014
02:07:PM
Pulse on the SA is 5.0.4.47117 Clients previously had 3.0.
... View more
06-30-2014
10:42:AM
I am running a cluster of SA6500 appliances. I upgraded from 7.2R4 to 8.0R4.1 and had lots of issues with the Pulse clients. I do have "Enable web installation and automatic upgrade of Junos Pulse Clients" under System -> Options but 90% of my users were never prompted to upgrade their client. Is this normal behavior? The only thing I can think of is that I deployed most of those clients using SCCM so if you deploy using a tool like SCCM does the pulse client ignore the auto upgrade option on the IVE? If that is the case is there a flag you can set in the install to allow the auto upgrade from the appliance?
... View more
11-04-2013
01:15:PM
It appears Pulse 3.0's host checker is not compatible with 7.3. I have a clean load of the Juniper 7.3R8 with a basic AV check and it still connects fine but then kills the connection after the host checker runs the first time after connection with no reason given in the logs.
... View more
10-31-2013
06:31:AM
host checker runs every 3 minutes and when it runs that is when it disconnects. The weird part is hostchecker passes all requirements the very first time it connects to the realm but the second time it runs it fails antivirus and firewall checks and just leaves the reason field blank and disconnects the client. The client actually meets requirements so that makes me believe the host checker version is not compatible with 7.3R8? Current lab environmant: SA2500 - 7.3R8 (build 27317) ESAP 2.4.1 Pulse 3.0.4.25005
... View more
08-12-2013
11:27:AM
Setup: SA6500 System Version 7.2R4 (build 21697) Pulse version 3.0.4.25005 Problem: The user realm is currently configured to use Identikey for Authentication and LDAP(Active Directory) for Directory/Attribute. I have role mapping based on active directory groups. The problem is when the user appends the domain to their username role mapping no longer functions. Example - User name = ABC Domain = domain.loc Works - User enters their username ABC and their password+token and role mapping works fine. Doesn't work - User enters their username+domain(ABC@domain.loc) and password+token and Active Directory group role mapping does not work. Logs when working: As you can see it authenticates successfully and then moves on to getting directory information. In the screenshot below when using the username with domain appended you will see it stops at the "Requesting more sign-in prompts" Logs when broke - The user will get connected with the last default role but all other role rules based on active directory group memberships do not work. Any help would be appreciated. Thanks, Dan
... View more
05-02-2013
06:43:AM
latency - 28ms average sync user sessions and last access time Not sure if this is releated but another weird symptom is if we lose circuit connectivity between the nodes it drops people from all 3 nodes. I don't think that is supposed to happen, the SA devices should work independently of each other.
... View more
05-01-2013
10:09:AM
Current Setup - 3 SA6500 appliances in active/active cluster located in 3 separate states, all locations connected by circuits 7.2R4 (build 21697) Pulse 3.0 (build 3.0.4.25005) Problem - I am seeing large amounts of pulse users randomly drop at the same time and have to re-connect. This seems to happen on 2 out of the 3 appliances we have. The screenshot attached shows the graph showing the big drop and other screenshot shows users re-connecting at the same time. Event logs show nothing, any ideas? I do see the following in the release notes: 7.2 R7 -pulse-connmgr- If the SA is heavily loaded, Pulse users randomly get disconnected. (831242) I am not sure if this would really apply to my situation as my cpu load is less than 10%. Any input would be appreciated. Thanks, Dan
... View more
04-10-2013
12:31:PM
It seems to fix it if you change the AV definition check from: Virus Definition files should not be older than X Updates. to: Virus Definition files should not be older than X Days.
... View more
04-08-2013
11:45:AM
ya... I can't believe this, it has been almost 3 months since the update and they can't figure it out.
... View more
03-28-2013
02:12:PM
the user log does not show me what IP is associated with the connected user, just their source IP. I need to know who had the IP handed out by the SA. Thanks, Dan
... View more
03-28-2013
01:31:PM
I am using a SA6500 and currently have an IP address pool specified in the DHCP section of the connection. How can I determine who was assigned an IP address at a certain time? I know I can filter logs for time but I do not show any reference to the IP address assigned to the user when connected Thanks, Dan
... View more
02-27-2013
06:32:AM
scoutt - Has Juniper responded to you about McAfee yet? I can't believe it takes months for this to be resolved, very frustrating. Dan
... View more
02-21-2013
12:19:PM
are you kidding me???? 2.3.3 is out and I see nothing in the release notes about a mcafee 16.1 fix? It's been 2 months!
... View more
02-06-2013
08:36:AM
Thanks, Scoutt, hope support is able to get this figured out asap with your help. Dan
... View more
01-30-2013
05:00:AM
same problem here, Mcafee16.x is supported since a few ESAP updates ago but McAfee released 16.1 a couple weeks ago and AV checks are now broke. This affects home users so I don't have a copy of the McAfee software and don't have time to work with support so hopefully this gets fixed soon. This happens too much. Dan
... View more
10-31-2012
11:11:AM
I just discovered this happens when people log into the admin web console... Interesting
... View more
10-30-2012
12:02:PM
Unfortunately from my testing the amount of checks you can do on ipad/iphone devices is very limited. Since I've upgraded to 7.2 I see they now have support for something called Mobile Security Suite ( http://www.juniper.net/us/en/products-services/software/junos-platform/junos-pulse/mobile-security/#features-benefits) I have not researched it much yet but figured I would provide the link. Hopefully someone with more experience with mobile devices and Juniper could contribute to the thread also. Thanks, Dan
... View more
10-30-2012
09:55:AM
no, typically a cert does not need to be generated on the device it is being installed on. Maybe I am confused on what you are trying to accomplish. Are you wanting to use host checker to see if a certificate is installed on the client prior to letting it connect to your vpn?
... View more
10-30-2012
08:53:AM
You can generate a certificate request from any source (openSSL, windows MMC, etc). I usually generate my csr files from an advanced certificate request using the windows certificate MMC. You can use this link as a guide - http://blogs.msdn.com/b/andrekl/archive/2008/09/24/how-to-generate-a-csr-for-an-iis-website-using-the-windows-vista-server-2008-certificates-mmc-plugin.aspx
... View more
10-30-2012
08:39:AM
yes. I have 3 6500 appliances clustered actve/active and they are located in sepereate states. As zanyterp mention latency does need to be very low or you will have issues Thanks, Dan
... View more
10-30-2012
08:28:AM
Can anyone explain what exactly the hit per second graph on the system status page is? I have a cluster of 3 Juniper SA6500 appliances in 3 locations and they are used for vpn tunneling only. 2 of the appliances have less than 10m hits per second at any one time but in the 3rd location I constantly see it spike to 400m+ for long periods of time, is this something I should be worried about? The appliance with the high hits only has about 100-150 people connected external and internally at any point in time. I am trying to decide if I should mirror this traffic and analyze it but figured I would start here to see if it is even something I should be worried about. Attached a recent screenshot, it went from very little to 200m and has spiked to 400m Thanks, Dan
... View more
10-25-2012
01:17:PM
It seems that this is the problem. Happnes on XP also, not just Windows 7. Would this be something to report as a bug?
... View more
10-25-2012
07:27:AM
I am basing the "connected" statement on the fact that the Pulse GUI says connected. Will pulse say connected prior to the tunnel being fully established? So far I have only seen it happen on Windows 7
... View more
10-25-2012
06:47:AM
Recently I upgraded our 6500 SA's from 7.1R2 (build 18193) to 7.2R4 (build 21697) and Pulse 2.x to Pulse 3.x on clients. Some clients are reporting a weird DNS issue where after they connect to the VPN they cannot resolve DNS for about 30 seconds. I have confirmed this happens as I can occasionally re-create it on a couple of my test systems. Has anyone else experienced similar issues? Current Setup: SA6500 7.2R4 (build 21697) Pulse (3.0.4.25005) thanks, Dan
... View more
10-25-2012
06:34:AM
Thanks for the quick response. I will check the DNS server to see if there is any way I can accomplish what I need there. Thanks, Dan
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
