Deploying Junos Pulse Client


Deploying the Junos Pulse Client poses one major problem: if you don't have some kind of endpoint server, there is no way to bundle configuration settings. For example, with an endpoint it works like this:

msiexec -i JunosPulse.x86.msi CONFIGFILE="PathToConfig\myconfiguration.jnprpreconfig" ADDLOCAL=PulseSA /q

Of course, that doesn't help us if we don't have a centralized setup. The best I could figure out is wrapping up the 32-bit and 64-bit MSIs into one package, deploying them, and having the user enter the URL to the server; it's not great, and I expect more from Juniper. See my working script at the bottom.


Things I did try (that did not work):

(1) Performing a snapshot of the install…capturing the settings.
(2) Modifying the MSI
(3) Creating an MST
(4) Creating my own config file
(5) Using MSI options


Sample Config File (the unique info is in bold)

schema version {
    version: "1"
}
machine settings {
    version: "5"
    guid: "test12345678910-test1234-1234test-1234-12345678910"
    connection-source: "preconfig"
    server-id: "12345678910-1234-1234-1234f-12345678910"
    allow-save: "true"
    user-connection: "true"
    splashscreen-display: "false"
    dynamic-trust: "true"
    dynamic-connection: "true"
    wireless-suppression: "false"
}
ive "test12341324-1234-1234-1234-12345678910" {
    friendly-name: "SA auto connect"
    version: "3"
    guid: "test12345-1234-1234-1234-12345678910"
    server-id: "test12345678910-test1234-1234test-1234-12345678910"
    connection-source: "preconfig"
    uri: "vpn.ourcompany.com"
    connection-policy-override: "true"
    use-for-secure-meetings: "false"
    use-for-connect: "true"
    connection-identity: "user-at-credprov"
    connection-policy: "automatic"
    preferred-realm: "OurCompany"
    preferred-roleset: "OurCompany_Computer_Windows_autoconnect"
    sso-max-delay: "120"
    sso-user-based-virtual-lan: "false"
}


Other important information


Sample Output

When you use ADDLOCAL, you should append msiexec options /qn or /qb to the command line to suppress the installation program user interface. These examples use /qb.

To install PulseUAC with 802.1x and Enhanced Endpoint Security support on a Windows 32-bit endpoint using a configuration file, use the following command line:

msiexec -i JunosPulse.x86.msi CONFIGFILE=c:\pulse\Pulse-Connection-no.jnprpreconfig ADDLOCAL=PulseUAC,Pulse8021x,UACEndpointDefense /qb

To install PulseSA on a 32-bit Windows endpoint using a configuration file, use the following command line:

msiexec -i JunosPulse.x86.msi CONFIGFILE=c:\temp\myconfiguration.jnprpreconfig ADDLOCAL=PulseSA /qb

To install PulseSA with Enhanced Endpoint Security and Host Checker on a 64-bit Windows endpoint using a configuration file, use the following command line:

msiexec -i JunosPulse.x64.msi CONFIGFILE=c:\temp\myconfiguration.jnprpreconfig ADDLOCAL=PulseSA,SAEndpointDefense,SAHostChecker /qb

To install PulseAppAccel on a 64-bit Windows endpoint using a configuration file, use the following command line:

msiexec -i JunosPulse.x64.msi CONFIGFILE=c:\temp\myconfiguration.jnprpreconfig ADDLOCAL=PulseAppAccel /qb

To install all Pulse components on a 64-bit Windows endpoint using a configuration file, use the following command line:

msiexec -i JunosPulse.x64.msi CONFIGFILE=c:\temp\myconfiguration.jnprpreconfig /qb

 

Summary

Two users are trying to connect to the SA device and launch Junos Pulse. The first user's Junos Pulse session is disconnected when the second user connects to the same SA device as the first user and launches Junos Pulse.


Problem:

User A connects to the SA device via Junos Pulse.

User B connects to the same SA device via Junos Pulse and User A’s session is automatically ended.


Cause:

This issue is caused by disk imaging (cloning).

The GUID on every client is the number that identifies the client to the server.

If the client and the connection GUIDs match, the old session is terminated, because the server assumes that an existing client is creating a new session to a connection to which it already has a connection.

The Client ID is the unique ID of the client and the channel ID is the unique ID of the connection.

Multiple clients can have the same connection ID, but multiple clients cannot have the same client ID.

Each device must have a unique GUID.


Solution:

The device must be cloned before it makes a connection to the IVE, or the GUID must be deleted from the following section before cloning:

The Junos Pulse connection configuration, which is located at C:\Program Files (x86)\Common Files\Juniper Networks\ConnectionStore\connstore.dat, contains the following section:

machine "local" {
    guid: "9e4898e81ca026623e7fb4c9f4de1f678244fa62"
    pulse-language: "en-US"
}

Remove the GUID.
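
A pre-capture check for the reference machine, as an added example that is not part of the original post: it deletes the guid line from the machine "local" section of connstore.dat and leaves the guid lines of ive sections (connection IDs, which clients may share) alone. The function names are hypothetical, and it assumes the store is single-byte or UTF-8 text and that "Remove the GUID" means deleting that line.

```powershell
# Added example, not from the original post. Run elevated on the reference
# machine just before the image is captured.
# Assumption: connstore.dat is single-byte or UTF-8 text, as the excerpt suggests.

function Remove-MachineGuid {
    # Returns the store text with the guid line dropped from machine "local" only.
    # guid lines inside ive "..." sections are connection IDs and are kept.
    param([Parameter(Mandatory)][string]$Text)
    $section  = '(\bmachine\s+"local"\s*\{)([^}]*)(\})'
    $guidLine = '(?m)^[ \t]*guid:[ \t]*"[^"\r\n]*"[ \t]*\r?\n?'
    [regex]::Replace($Text, $section, {
        param($m)
        $body = [regex]::Replace($m.Groups[2].Value, $guidLine, '')
        $m.Groups[1].Value + $body + $m.Groups[3].Value
    })
}

function Clear-PulseMachineGuid {
    # Hypothetical helper: rewrites the store in place and reports what it did.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'missing' }

    # Latin-1 maps every byte to one character, so untouched bytes round-trip exactly.
    $latin1 = [Text.Encoding]::GetEncoding(28591)
    $old = [IO.File]::ReadAllText($Path, $latin1)

    # Fail visibly if the layout is not the one shown on this page.
    if ($old -notmatch '\bmachine\s+"local"\s*\{') { return 'no-machine-section' }

    $new = Remove-MachineGuid -Text $old
    if ($new -ceq $old) { return 'clean' }          # no client GUID in the image

    # The backup still holds the GUID; delete it before capture if it should not ship.
    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force
    [IO.File]::WriteAllText($Path, $new, $latin1)   # throws if the file is locked
    return 'guid-removed'
}

# Path as given on this page; pass a different one for other client versions.
$store = 'C:\Program Files (x86)\Common Files\Juniper Networks\ConnectionStore\connstore.dat'
'{0}: {1}' -f $store, (Clear-PulseMachineGuid -Path $store)
```

A result of no-machine-section means the file did not look like the excerpt above, so check it by hand before capturing the image.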

 

Settings Location

C:\ProgramData\Pulse Secure\ConnectionStore


Older Settings Location

C:\Program Files\Common Files\Juniper Networks\connstore.dat
C:\Program Files (x86)\Common Files\Juniper Networks\connstore.dat


Uninstall and Save Settings

msiexec /x{BAFD722A-4B9A-4152-B565-5BAFDA00A6BE} SAVESETTINGS=1

 

 

My script

@Echo on

title Administrative Installation by Eddie Jackson
color 0a
:: Folder the script is started from; both MSIs must be in it
set CurDir=%CD%

:: Name recorded in the event log and registry as the installer
set UserN=DeploymentServer

EVENTCREATE /T INFORMATION /L Application /ID 777 /d "Junos Pulse Client 5.0.48695.0 installation STARTED by %UserN%"

:: 64BIT
if exist "C:\Program Files (x86)\" (
c:\windows\system32\msiexec.exe /i "%CurDir%\JunosPulse.x64.msi" /qn /norestart
EVENTCREATE /T INFORMATION /L Application /ID 777 /d "Junos Pulse Client 5.0.48695.0 64bit installation COMPLETED!"
goto :END
)

:: 32BIT
c:\windows\system32\msiexec.exe /i "%CurDir%\JunosPulse.x86.msi" /qn /norestart
EVENTCREATE /T INFORMATION /L Application /ID 777 /d "Junos Pulse Client 5.0.48695.0 32bit installation COMPLETED!"
goto :END

:END
:: Record the deployment in the registry
%windir%\system32\REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\DEPLOYEDSOFTWARE\Junos\Pulse\5.0.48695.0" /v InstallDate /d "%date% %time%" /t REG_SZ /f
%windir%\system32\REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\DEPLOYEDSOFTWARE\Junos\Pulse\5.0.48695.0" /v InstalledBy /d "%UserN%" /t REG_SZ /f
exit /b 0

 


Notes

Also see: Pulse disconnecting users