Juniper Pulse Disconnecting Users – Shared Install

email me

Problem

Multiple users report intermittent disconnects with the Pulse Secure Desktop client. There is no specific interval when this issue will occur as it will depend if the multiple user are attempting to login to the computer with the same machine guid.


Cause

This issue will occur when Pulse Secure Desktop client is preinstalled on a base image which is used to deploy to multiple machines. If this is true, the local machine ID stored in the connection store file may be the same on multiple machine.

When a Pulse Secure Desktop client connects to the PCS device, some session data is sent including the local machine identifier in the connection store file. The Pulse Connect Secure device identifies each user sessions by the local machine identifier and expects this value to be unique. If multiple connections are sending the same machine identifier, the PCS device will terminate the oldest session for security reasons.

Screenshot of Connstore.dat and Registry (click to zoom)


Solution

If you already have users that have the Pulse client installed, I recommend doing two things.

#1 Delete this reg key
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Juniper Networks\Device Id

#2 Use Orca to modify the Pulse.msi and change SHAREDINSTALL from 0 to 1. Reinstall this modified client using a simple script or your desktop management software.

Orca – Property Table – Property SHAREDINSTALL

A reboot will most likely be required to reload all the Juniper services.

 

Notes

The Junos Pulse connection store file is located
C:\ProgramData\Pulse Secure\ConnectionStore\connstore.dat

The reg key is located
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Juniper Networks\Device Id]

Also see: Deploying Pulse Client