KB21950 - Network Connect /Pulse Secure Desktop Client start script fails to launch

Information

 
Last Modified Date: 8/1/2015 9:43 AM
Synopsis
This article describes the failure of the Network Connect / Pulse Secure Desktop Client start script to launch. This may occur due to an authentication failure caused by fragmented Kerberos TGS-REQ packets.



 
Problem or Goal
  • PCS is configured to launch the Network Connect start up script; this script maps network shared drives.
 
  • On the end client, the NC start script may stop after launching Network Connect, and the network drive mapping fails.
Cause
  1. The MTU of the Network Connect / Pulse Secure Desktop Client virtual adapter is always less than or equal to 1400. For more information, refer to KB21481 - [SSL VPN] How is the Network Connect adapter MTU (Maximum Transmission Unit) calculated?

  2. By default, Kerberos uses connectionless UDP datagram packets. Depending on a variety of factors, including security identifier (SID) history and group membership, some accounts will have larger Kerberos authentication packet sizes. These larger packets have to be fragmented to fit the MTU when they go through a Network Connect / Pulse Secure Desktop Client interface.

  3. By default, Windows 2000/Windows XP use UDP port 88 for Kerberos authentication. Because UDP is a connectionless protocol, fragmented UDP packets will be dropped if they arrive at the destination out of order.

Note: Windows Server 2008, Windows Vista, and Windows 7 will first try TCP for Kerberos.
 
Solution
You can force Windows clients to use TCP for Kerberos authentication by setting the appropriate registry value:

  1. Launch the Registry Editor (regedit.exe).

  2. Locate and then click the following registry subkey:

         HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

     Note: If the Parameters key does not exist, create it.

  3. On the Edit menu, click New, and then DWORD Value.

  4. Type MaxPacketSize and then press Enter.

  5. Double-click MaxPacketSize, type 1 in the Value data field, select the Decimal option, and then click OK.

  6. Exit the Registry Editor.

  7. Restart your computer.
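
The registry steps above, scripted in PowerShell so the change can be applied and verified consistently across clients. This is an added example, not part of the original article; it assumes it is saved as a script and run from an elevated session, and the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: force the Kerberos client to use TCP by setting MaxPacketSize = 1,
# following the manual Registry Editor steps in this article.

$keyPath   = 'HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$valueName = 'MaxPacketSize'
$desired   = 1    # value given in the article's procedure

# Create the Parameters key if it does not exist (per the article's note).
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# Inspect the current state: the value must exist, be a DWORD, and equal 1.
# Checking the kind avoids treating a string "1" (REG_SZ) as already correct.
$key       = Get-Item -Path $keyPath
$isPresent = $key.GetValueNames() -contains $valueName
$isCorrect = $isPresent -and
             ($key.GetValueKind($valueName) -eq 'DWord') -and
             ($key.GetValue($valueName) -eq $desired)

if ($isCorrect) {
    Write-Output "$valueName is already set to $desired (DWORD); no change made."
}
else {
    # -Force creates the value or overwrites an existing one of any type.
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
                     -Value $desired -Force | Out-Null

    # Read the value back to confirm the write succeeded.
    $check = Get-Item -Path $keyPath
    if (($check.GetValueKind($valueName) -ne 'DWord') -or
        ($check.GetValue($valueName) -ne $desired)) {
        throw "Failed to set $valueName under $keyPath."
    }
    Write-Output "$valueName set to $desired (DWORD). Restart the computer for the change to take effect."
}
```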

For more information, refer to the following link:

http://support.microsoft.com/kb/244474
 
Created By: Data Deployment