Reset Search
 

 

Article

KB28914 - Pulse Secure Desktop Client does not receive new or updated connections after connecting to PCS gateway

« Go Back

Information

 
Last Modified Date7/24/2017 4:06 PM
Synopsis
This article explains why end users do not see new or updated connections in the Pulse Secure Desktop Client user interface. A procedure to manage this issue is provided.

 

Problem or Goal
When an end user connects to PCS gateway with Pulse Secure Desktop Client, new or updated connections are not displayed in the Pulse user interface.

 

Cause
This issue can occur for one of the following reasons:
  • Pulse Secure Desktop Client is not connecting to the binding server
  • Server-id does not match between all PCS devices in the environment
  • Version number set on the Pulse Secure Desktop Client is higher than the PCS device
  • Configured policies are not supported on the client platform (e.g. 802.1x policies will not show on a Mac OS X client)
Solution
When a Pulse Secure Desktop Client is deployed by the PCS device or by a pre-configuration file, the following data is written locally to the connstore.dat file located at C:\ProgramData\Pulse Secure\ConnectionStore\connstore.dat.

(To view the contents of the connstore.dat file, open it in a text editor.)
ive "49df8bb9-10e9-4ed7-b0ca-d695e2d13135" {
  client-certificate-location-system: "false"
  connection-identity: "user"
  connection-lock-down: "true"
  connection-policy: "manual"
  connection-policy-override: "true"
  connection-source: "preconfig"
  friendly-name: "SA"
  guid: "49df8bb9-10e9-4ed7-b0ca-d695e2d13135"
  reconnect-at-session-timeout: "false"
  server-id: "VASPH477G3WP4328S"
  sso-cached-credential: "false"
  this-server: "false"
  uri: "https://XXX.XX.XXX.XXX"
  uri-list: "https://XXX.XX.XXX.XXX"
  uri-list-randomize: "false"
  uri-list-use-last-connected: "false"
  use-for-connect: "true"
  use-for-secure-meetings: "false"
  version: "17"
}

machine "local" {
  guid: "55CDFC29DEA8464DA3BD096CB8DAC4BF"
  pulse-language: "en-US"
}

machine "settings" {
  allow-save: "true"
  captive-portal-detection: "true"
  clear-smart-card-pin-cache: "false"
  connection-set-download-host: "pcs.acmegizmo.com"
  connection-set-download-time: "2017-06-16 19:45:29 UTC"
  connection-set-last-modified: "2017-06-16 19:22:49 UTC"
  connection-set-name: "Default"
  connection-set-owner: "pcs.acmegizmo.com"
  connection-source: "preconfig"
  dynamic-connection: "true"
  dynamic-trust: "true"
  eap-fragment-size: "1400"
  enable-browser: "true"
  FIPSClient: "false"
  guid: "c4152c02-6a39-436b-b572-f7b32d470248"
  lock-down: "false"
  server-id: "VASPH477G3WP4328S"
  splashscreen-display: "true"
  user-connection: "true"
  version: "40"
  wireless-suppression: "false"
}

Under the machine setting, the server-id will match the hardware ID of the device called the binding server.  When connecting to a PCS gateway, this data is provided each time a connection is made.  If the server-id matches between the PCS device and the Pulse Secure Desktop Client, the Pulse client will attempt to update new configuration information in the connstore.dat.  If this server-id does not match, the Pulse Secure Desktop Client will ignore this information.

In the connstore.dat, each connection will have a unique connection guid (ive "XXXX-XXXX-XXXX-XXXX-XXXXX") with a matching server-id and version number. If the Pulse Secure Desktop Client receives an updated configuration file, the following conditions must be meet to update each connection:

  • Connection GUID match
  • Server ID match
  • Received version number is higher

Starting in 8.2R3 and above, the additional values were added under machine settings to help identify the the hostname and specific times when the connstore.dat was updated from.
connection-set-download-host: "pcs.acmegizmo.com" 
connection-set-download-time: "2017-06-16 19:45:29 UTC" 
connection-set-last-modified: "2017-06-16 19:22:49 UTC"
 

To resolve or prevent these issues, the following is recommended:

  • All Pulse connections should be created and managed on one (1) PCS  device.  Once completed, the administrator should use Push configuration to copy the Pulse connections to all other PCS devices in the environment.  To configure Push Configuration, please refer to the Configuring Targets section in the Using the Push Configuration Feature documentation.  
     
    1. Once configured, navigate to Push Config > Push Configuration.
    2. From the drop down menu, select Selected configuration.
  1. Under Junos Pulse section, select From ALL connections.
  1. Under Push configuration, select the available targets and click Add ->. Click Push Configuration.
  1. When deploying Pulse Secure Desktop Client via a pre-configuration file, make sure to download the latest pre-configuration file from the PCS device.  This will ensure the latest connection guid and version numbers will match between the Pulse Secure Desktop Client and device.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255