Pulse 5.0R1 and above (Windows Only):
The Pulse Secure Desktop installer has a new flag called SHAREDINSTALL. This flag should be set to 1, as shown in the following example, when the installer is being used to create a base shared image that will be deployed to multiple computers. When set to 1, it will install the Pulse application on the image without starting any processes. This will prevent the guid
parameter from being generated on a shared image installation. This unique guid
parameter will be auto-generated when the Pulse Secure Network Service are started for the first time on the actual machine.
To implement this mode, add "SHAREDINSTALL=1" to support deployment on a shared operating system image.
Example: msiexec -i <MSI FILE PATH> SHAREDINSTALL=1
Limitations:
- SHAREDINSTALL and CONFIGFILE (preconfiguration file) flags cannot be used at the same time.
If deploying a pre-configuration file is required, the following command will need to be manually executed or scripted on the end user machine once the image has been deployed.
- Navigate to
C:\Program Files (x86)\Common Files\Pulse Secure\JamUI
via command line - Run
jamCommand.exe -importFile <PRECONFIGURATION PATH>
Mac OS X:
Starting with Pulse Secure Desktop 5.0R1, DeviceID (in /Library/Application Support/Juniper Network/Junos Pulse/ directory) is created during the initial startup of Pulse application to ensure the machine guid is unique per each device. After this point, Pulse Secure Desktop client will check the DeviceID file to ensure the value matches the connstore.dat. If there is any mismatch, the value in the DeviceID will be written to the connstore.dat.
Pulse 5.0R1 and below:
In the following versions, deploying Pulse Secure Desktop client on a shared operating system image is not supported. The following manual solution can be implemented if machines have been deployed with a duplicate machine guid
.
When deploying Pulse Secure Desktop client, which is pre-installed for a Windows OS image being shared across multiple endpoints, the guid
value for the local machine should be removed from the configuration file after installation. This ensures that the configuration data files in the root image does not contain a guid
value that would be replicated on all machines. A new and unique guid
value will be generated for each user when Pulse Secure Desktop client is launched and run for the first time.
Perform the following procedure to reset the guid
for users who have already installed Pulse Secure Desktop client and have duplicate guid
values in the configuration file:
- Browse to
C:\Program Files(x86)\Common Files\Juniper Networks\Connection Store
and open the connstore.dat
file in a text editor. - Locate the following parameter:
machine "local" {
guid: "41cbc0d2a1a100855755b4355d6d2579836694cd"
pulse-language: "en-US"
}
- Remove the
guid
value from the parameter by deleting the entire second line. This will change the parameter setting to:
machine "local" {
pulse-language: "en-US"
}
- Save the modified
connstore.dat
file to the original directory.
Note: It may be necessary to edit the connstore.dat
file in a Text Editor, which is ,Run As Administrator
if these changes are made locally from the affected PC, due to the folder and file permissions that are set on the directory. - Go to Task Manager > Services tab, locate and stop the JuniperAccessService service, and/or reboot the device to restart the service. When the service is restarted and Pulse Secure Desktop has been launched again, a new and unique
guid
will be generated and stored in the user's connstore.dat
file.
Note : In some cases, we may need to perform additional step below if the GUID still does not change :
Delete the registry key below :
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Juniper Networks\Device Id Reboot the PC.
The GUID value generated should now be different.
On Mac OS X the following script can be used:
Pulse 4.0 and below:
#!/bin/bash
# stop pulse access service
# remove local guid from connstore.dat
# restart service
sudo launchctl unload /Library/LaunchDaemons/net.juniper.AccessService.plist
sudo sed -i .bak "/guid/d" "/Library/Application Support/Juniper Networks/Junos Pulse/connstore.dat"
sudo launchctl load /Library/LaunchDaemons/net.juniper.AccessService.plist
Pulse 5.0 and above:
#!/bin/bash
# stop pulse access service
# remove local guid from connstore.dat
# restart service
sudo launchctl unload /Library/LaunchDaemons/net.pulsesecure.AccessService.plist
sudo rm -rf "/Library/Application Support/Pulse Secure/Pulse/DeviceId"
sudo sed -i .bak "/guid/d" "/Library/Application Support/Pulse Secure/Pulse/connstore.dat"
sudo launchctl load /Library/LaunchDaemons/net.pulsesecure.AccessService.plist
Note: The connstore.dat
file also contains the connections that are displayed in the Pulse Secure Desktop UI, when it is launched. It is recommended that the above procedure be performed to modify only the portion of the connstore.dat file
which was specified above to resolve this issue, as opposed to deleting the connstore.dat
file from the user's machine. If the connstore.dat
file is deleted from the machine, the user will need to manually recreate any and all connections that they regularly access.