2

We've having the issues described here: http://kb.juniper.net/InfoCenter/index?page=content&id=KB26822 where one user kicks another user off the VPN when connecting. Our PCs were cloned after the Junos GUID was created. The KB article says to:

The Junos Pulse connection configuration, which is located at C:\Program Files (x86)\Common Files\Juniper Networks\ConnectionStore\connstore.dat, contains the following section:

machine 
"local" {
    guid: "9e4898e81ca026623e7fb4c9f4de1f678244fa62"
    pulse-language: "en-US"
}

I've tried deleting the GUID line from the connstore.dat file, but if I restart the Junos client, it sets the same GUID instead of a new one, so the duplicate GUID problem persists.

I also tried deleting the connstore.bak file and then deleting the GUID line from connstore.dat, but that still got the same GUID.

Has anyone else run into this and been able to fix it? I'm guessing the GUID is cached on the VPN server, and when I connect, the client sends some key to lookup the GUID.

Walter Stabosz
  • 213
  • 3
  • 10

5 Answers5

2

The following solution worked for me: I stopped the Juniper Unified Network Service as specified in the Walter Stabosz answer, then I removed guid from the connstore.dat file, but also from the Registry:

HKEY_CURRENT_USER\Software\Juniper Networks\Device Id, key: DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Juniper Networks\Device Id, key: DeviceId

After restarting Juniper Unified Network Service and the Junos client the new guid was generated.

tafit3
  • 121
  • 3
1

I figured it out.

Before you edit connstore.dat to delete the GUID line, you must first to go into Services and stop Juniper Unified Network Service.

Or in Task Manager, you can kill: dsAccessService.exe / Juniper Access Service

The service will restart itself when you restart the Junos client.

Walter Stabosz
  • 213
  • 3
  • 10
1

Remove the registry key and then restart the service. Connstore.Dat will automatically update with a new key after you restart the service.

Christopher Chung
  • 11
  • 1
1

An KB was created for that on Juniper's website. (http://kb-beta.juniper.net/InfoCenter/index?page=content&id=KB25581, now article located there: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB25581)

I confirm too that now you need to erase too the registry like @tafiq3's told:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Juniper Networks\Device Id

Summary:

This article describes the issue of Junos Pulse being frequently disconnected for multiple Junos Pulse Desktop users.

This issue can occur, if multiple users have the same guid string value for the local machine ID in the Connection Store configuration data file; which is created, when installing Junos Pulse for the first time.

The issue is intermittent and can occur at any time during the session. At other times, the session is not affected and the Junos Pulse user stays connected, until they sign out.

Problem or Goal:

Multiple users report frequent disconnects with the Junos Pulse desktop client that occur randomly. The following error message is generated on the desktop, when Junos Pulse is disconnected:

Cause:

When deploying Junos Pulse desktop to end-users, if the Junos Pulse client is pre-installed on Windows OS and an image is created from this, which is shared across multiple endpoints, then the local machine ID that gets stored in the Junos Pulse Connection Store configuration data file will be the same for every machine that the image is used on.

The Junos Pulse Secure Access Gateway Series device identifies user sessions that connect with the Junos Pulse clients by the local machine identifier, which is sent to the server, when a connection is established via Junos Pulse. The Junos Pulse Secure Access Gateway Series device will terminate a Junos Pulse session, if another Junos Pulse session is started with the same guid value, for security reasons.

To determine if Junos Pulse users in your environment are affected by this issue, collect the Junos Pulse logs and diagnostics logs from the Junos Pulse client, from each individual client PC. Open the logs and Diagnostics folder from the user's PC and browse to the ConnectionStore folder, which will contain the connstore.dat file. Open this file with a text editor and locate the following parameter:

machine "local" { guid: "d96b50d4275ef266d402348641e6b57b10b48bd3" pulse-language: "en-US" }

If the guid string is identical across multiple client PC's, then this confirms the issue.

Solution:

When deploying Junos Pulse, which is pre-installed for a Windows OS image being shared across multiple endpoints, the guid value for the local machine should be removed from the Junos Pulse configuration file, after installing Junos Pulse; so that the Junos Pulse configuration data files in the root image do not contain a guid value that would be replicated on all machines. A new and unique guid value will be generated for each user, when Junos Pulse is launched and run for the first time.

Perform the following procedure to reset the guid for users, who have already installed Junos Pulse and have duplicate guid values in the Junos Pulse configuration file or the master image (which is used to pre-image multiple PC's with an image that Junos Pulse has already been pre-installed on): 1.When Junos Pulse is installed browse to C:\Program Files(x86)\Common Files\Juniper Networks\Connection Store and open the connstore.dat file in a text editor.

2.Locate the following parameter: machine "local" { guid: "41cbc0d2a1a100855755b4355d6d2579836694cd" pulse-language: "en-US" }

3.Remove the guid value from the parameter by deleting the entire second line. This will change the parameter setting to:

machine "local" { pulse-language: "en-US" }

4.Save the modified connstore.dat file to the original directory.

Note: It may be necessary to edit the 'connstore.dat' file in a Text Editor, which is 'Run As Administrator', if these changes are locally made from the affected PC; due to the folder and file permissions that are set on the directory.

5.Go to Task Manager > Services tab, locate and stop the JuniperAccessService service, and/or reboot the PC to restart the service. When the service is restarted and Junos Pulse has been launched again, a new and unique guid will be generated and stored in the user's connstore.dat file.

6.On Mac OS X the following script can be used:

!/bin/bash

stop pulse access service

remove local guid from connstore.dat

restart service plist='/Library/LaunchDaemons/net.juniper.AccessService.plist'

connstore='/Library/Application Support/Juniper Networks/Junos Pulse/connstore.dat' guid=xxx....xxx sudo launchctl unload ${PLIST.EN_US} sudo sed -i .bak "/${GUID.EN_US}/d" "${CONNSTORE.EN_US}" sudo launchctl load ${PLIST.EN_US}

Note: The 'connstore.dat' file also contains the connections that are displayed in the Junos Pulse UI, when it is launched. So, it is recommended that the above procedure be performed to modify only the portion of the 'connstore.dat' file, which was specified above, to resolve this issue; as opposed to deleting the 'connstore.dat' file from the user's PC. If the connstore.dat file is deleted from the PC, the user will need to manually recreate any and all connections that they regularly access.

yagmoth555
  • 16,758
  • 4
  • 29
  • 50
0

For a MAC running Junos Pulse 5.x, run the following script:

#!/bin/bash
# stop pulse access service
# remove local guid from connstore.dat
# restart service
sudo launchctl unload /Library/LaunchDaemons/net.juniper.AccessService.plist
sudo rm -rf "/Library/Application Support/Juniper Networks/Junos Pulse/DeviceId"
sudo sed -i .bak "/guid/d" "/Library/Application Support/Juniper Networks/Junos Pulse/connstore.dat"
sudo launchctl load /Library/LaunchDaemons/net.juniper.AccessService.plist

Note: This script is the version found in the KB (referenced in yagmoth555's answer), but with one mistake fixed.

The link to the KB is now the following:

KB25581 - [Pulse] Pulse Secure Desktop client is intermittently disconnecting for multiple users at random intervals

John Fowler
  • 101
  • 2