After Jan. 23rd, 2017, Pulse service will fail to start due to an invalid signature. The signature is considered invalid due to the code signing certificate has reached its expiration date of Jan 23, 2017 and the DLL was not timestamped. The ConnectionManagerService.dll is responsible for displaying and managing the connections in the Pulse UI and cannot run if it is not considered valid.
This issue will occur when all of the following conditions are met:
- Issue occurs after Jan 23, 2017. Prior to Jan 23, 2017 the Junos Pulse client worked as expected.
- Client Operating System is Windows.
- Junos Pulse 5.0R7 is installed on the client. To confirm the version of Pulse on the client PC open the Pulse client and select Help > About. The version will be displayed as Version 5.0.7. (Note: Junos Pulse 5.0RX reached end of support on Aug 31, 2016)
Currently, Pulse Secure has confirmed all versions of Junos Pulse 5.0RX are not affected except Junos Pulse 5.0R7. We have also confirmed that Pulse Secure Desktop client 5.1R1 to 5.1R7 are not affected.
To root cause this issue, perform the following steps:
- Navigate to C:\Program Files(x86)\Common Files\Juniper Networks\Connection Manager
- Locate the file ConnectionManagerService.dll
- Right-click on the file and select Properties
- Select the Digital Signatures tab
- Select the Juniper Networks certificate and click Details
- Under Signer Information the Signing Time field will show Not available instead of an actual time stamp and the below that, the Countersignatures field will be blank.
- Click View Certificate and confirm the expiration date of the certificate as 1/23/2017.