Hi Zanyterp,   I enabled Autolaunch on the bookmark but it still does not launch.   I have another problem as well where you guys maybe can help me.   I have tried to configure this also with the following scenerio :   First Auth Server is a Certificate Server and the second one an LDAP server.   There is a link between both using the Certserial and IP Phone (LDAP)   But the problem is that I seem not to be able to populate the correct username (USERNAME[2]) i presume) which results in citrix is not able to load any resources in that scenario.   What should the user variable set to? And what about the password one?   I tried to configure the Citrix profile with a static test user for testing and this works, but as there has to be single sign on, I cannot keep this setup in place.   I do not seem to find the right variable to put in the User field of the profile.   Can you guys help?   Thanks,   Kristof ... View more

Hi zaniterp,   Thank you for that. What happened to the pop up of the recommended releases? This link has no been hidden somewhere in the background and difficult to find according to me.   Thanks,   K. ... View more

Hi Jay,   Links are like www.google.be ...   The reason why I posted it here is because I cannot get support from Juniper JTAC at the moment.   Kind regards,   K. ... View more

Never mind ... issue was caused by someone upgrading an SA cluster with plenty of IVSs without checking for local admin rights or JIS first. Tread closed :) ... View more

Hi zanyterp, Exactly my point ... seems we're on the same wave length only our wordings differ ... :) Kind regards, K. ... View more

The answer to your question could be like a book in size. LDAP is mainly used in case you want to do role mappings based on attributes in user accounts which is something you cannot do using AD as an authentication server. Please be sure to add the attributes you want to use or make sure they are in the LDAP Server catalog (Auth Servers > Your LDAP server > Server catalog option.) before using it in any of your role mapping rules. What concerns your USER vs USERNAME : in every auth method the two are equal apart from LDAP where USER = DOMAIN\USERname (e.g. contoso\jdoe) and USERNAME = username (e.g. jdoe) Thanks, Kristof ... View more

Hi Eric, Which IVE version are you running? W7 is only supported from the 6.5R2 onwards. The best thing for you to do to get stable NC connections if you use windows 7 is to upgrade at least to 7.0Rx (soon 7.1Rx) as the support for W7 improves in every IVE version. Let me know how it turns out ... Kind regards, Kristof ... View more

Do you have Autolaunch enabled for JunOS Pulse on the role you get assigned when connecting via your iPAD? Thanks, Kristof ... View more

Can you add some screenshots? Is reachability ok via the troubleshooting tool? Is there a FW between your SSL box and your App Servers? In the end the app might not be supported by Juniper though but these were the first questions that popped up in my mind ... Thanks, Kristof ... View more

Sanjay, That should be an easy one. Which protocol are you using for authentication on the RSA appliance. I suppose it is RADIUS? In that case, create two auth servers : one LDAP and one RADIUS specifying the details upon creation (like IP, base DN, etc ... and create a realm having your two servers in there. As soon as you have that you can modify the sign in page to display whatever you want to put in front of the fields to be descriptive for your end users. For example you could modify the token field as 'Token Code' and the LDAP Password as Domain password. Let me know if you have additional questions, Thanks, K. ... View more

Do you see anything in : - the user access logs on your SA device? - the terminal services log? Do you have local admin rights on the box you're trying to use the TS client on? Is your AV giving you messages that it has blocked something? If so, try to disable it during TS Client install. Kind regards, Kristof ... View more

Guys, I have been troubleshooting a bit more on this problem before and the problem is not really the SA. It's more the credentials that are allowed to logon to OWA. You can configure the OWA URL perfectly so that it will paste the Standard domain I believe MS calls it, in automatically when trying to sign on. If your Exchange admin does not want to change this option, ... the above is indeed the correct way to go! Thanks, Kristof ... View more

He Guys, Just wanted to let you know that this finally worked out well. The only problem was that the user that was testing this for us had provided us with the wrong serial number of his ID card (his passport in this case.) Hence we were not seeing anything in the logs and the comparison between AD and his cert serial returned a NULL value for the [email protected] Once we had the correct serial in his POBox field the sAMAccountname was populated correctly and we could use it for SSO. It has taken me a while but I will never forget this one. Sorry that it took me so long but I am on vacation in Indonesia and getting on the Net is not that easy here :) Kind regards, Kristof ... View more

Zanyterp, This worked out great. Thanks for your help. Kind regards, Kristof ... View more

Hi, Have you tried the Network Connection Session start script options? (Under the specific role and NC options) You can specify the UNC path for the script and make it based on some username the user enters at the beginning entering \\SERVERNAME\PATH<USERNAME>.bat. In the session end script you could specify a scripte containing just a net use /d. I hope this helps. Thanks, Kristof ... View more

Hi Roger, Make also sure that your firewall is not blocking access from your LAN to your SSL device. You might wanna look at your DNS as well so that you have a record to resolve your SSL box's URL from the inside. Make sure that your hostname is set correctly as mails will be sent containing the URL https://hostname/meeting/xxx This is mostly important when you would be sending invitations to the outside world but anyhow ... As Keith said, just give a shout if we can help you. Thanks, Kristof ... View more

Hi Zanyterp, The request is handled by one of my colleagues but we scheduled it for tomorrow. I'll let you know if it fixed the problem asap. Thanks for your help, Kristof ... View more

Hello Zanyterp, I will try and let you know. What would custom headers policies change to the default behavior? (I'm trying to understand :)) Grtz K. ... View more

Sandy, Just go to your OWA Resource Profile and go to the Autopolicies and put the Autopolicy Single Sign on to Disable SSO and your SSO is disabled. Be aware that you will lose all your variables that you have configured in Remote SSO and that you will need to re-enter them whenever you want to switch back on your SSO. Thanks Kristof JNCIS SSL ... View more

Hi Gents, This is the key holding your JunOS Pulse startup trigger : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run (I'm working on 64bit W7 machine Easy way to disable it (and find out the key value on your system) is Start > Run > msconfig > Startup ... If you want it to start tick the box, if not untick, reboot and you're all set. I agree that Juniper should provide this option in the IVE OS or in the Pulse install package. Thanks, Kristof ... View more

Hi, As already stated by someone else, please specify what you want to accomplish? - OWA 2007 : look in the Juniper KB (It's well documented there - search terms 'OWA+2007'. Try to be on 7.0Rx before starting to configure that one. (The only thing specific you need to know is your URL for OWA as it's needed in the configuration. - Through NC : there's a nice list on MS's website with all the ports that need to be opened on your firewall for the NC range on your SA. (This is something you could ask your Exchange team.) Thanks, Kristof ... View more

Hi Ben, I have the same problem here. The only time I succeed getting rid of the Task Guide window was when I was using a super admin session. Let me know if you would find any kind of solution. Thanks, Kristof ... View more

Hi Matt, My personal opinion, and I'm not ignoring you have a problem here is to stay on the latest recommended release of the IVE OS being 7.0Rx. I work at a reseller and I'm always trying to keep up with the most recent recommended version on all devices but not more recent than that just because of things that might be not fully fine tuned in version that Juniper released recently. Kind regards, Kristof ... View more

Hi Meh, When you do a Policy trace ... do you see that you hit an SSO policy for your DWA resource profile? If you're not seeing anything there, it would be logic that you don't see any attempts in your Notes logs. You're saying you're trying to do SSO but how is your link between the username that users enter at logon to your SA and their Notes username in the Domino Directory? Just curious ... Thanks Kristof ... View more