When a Pulse Secure Desktop Client is deployed by the PCS device or by a pre-configuration file, the following data is written locally to the
connstore.dat file located at C:\ProgramData\Pulse Secure\ConnectionStore\connstore.dat.
(To view the contents of the connstore.dat file, open it in a text editor.)
ive "49df8bb9-10e9-4ed7-b0ca-d695e2d13135" {
client-certificate-location-system: "false"
connection-identity: "user"
connection-lock-down: "true"
connection-policy: "manual"
connection-policy-override: "true"
connection-source: "preconfig"
friendly-name: "SA"
guid: "49df8bb9-10e9-4ed7-b0ca-d695e2d13135"
reconnect-at-session-timeout: "false"
server-id: "VASPH477G3WP4328S"
sso-cached-credential: "false"
this-server: "false"
uri: "https://XXX.XX.XXX.XXX"
uri-list: "https://XXX.XX.XXX.XXX"
uri-list-randomize: "false"
uri-list-use-last-connected: "false"
use-for-connect: "true"
use-for-secure-meetings: "false"
version: "17"
}
machine "local" {
guid: "55CDFC29DEA8464DA3BD096CB8DAC4BF"
pulse-language: "en-US"
}
machine "settings" {
allow-save: "true"
captive-portal-detection: "true"
clear-smart-card-pin-cache: "false"
connection-set-download-host: "pcs.acmegizmo.com"
connection-set-download-time: "2017-06-16 19:45:29 UTC"
connection-set-last-modified: "2017-06-16 19:22:49 UTC"
connection-set-name: "Default"
connection-set-owner: "pcs.acmegizmo.com"
connection-source: "preconfig"
dynamic-connection: "true"
dynamic-trust: "true"
eap-fragment-size: "1400"
enable-browser: "true"
FIPSClient: "false"
guid: "c4152c02-6a39-436b-b572-f7b32d470248"
lock-down: "false"
server-id: "VASPH477G3WP4328S"
splashscreen-display: "true"
user-connection: "true"
version: "40"
wireless-suppression: "false"
}
Under the machine setting, the server-id will match the hardware ID of the device called the binding server. When connecting to a PCS gateway, this data is provided each time a connection is made. If the server-id matches between the PCS device and the Pulse Secure Desktop Client, the Pulse client will attempt to update new configuration information in the connstore.dat. If this server-id does not match, the Pulse Secure Desktop Client will ignore this information.
In the connstore.dat, each connection will have a unique connection guid (ive "XXXX-XXXX-XXXX-XXXX-XXXXX") with a matching server-id and version number. If the Pulse Secure Desktop Client receives an updated configuration file, the following conditions must be meet to update each connection:
- Connection GUID match
- Server ID match
- Received version number is higher
Starting in 8.2R3 and above, the additional values were added under machine settings to help identify the the hostname and specific times when the connstore.dat was updated from.
connection-set-download-host: "pcs.acmegizmo.com"
connection-set-download-time: "2017-06-16 19:45:29 UTC"
connection-set-last-modified: "2017-06-16 19:22:49 UTC"
To resolve or prevent these issues, the following is recommended:
- All Pulse connections should be created and managed on one (1) PCS device. Once completed, the administrator should use Push configuration to copy the Pulse connections to all other PCS devices in the environment. To configure Push Configuration, please refer to the Configuring Targets section in the Using the Push Configuration Feature documentation.
- Once configured, navigate to Push Config > Push Configuration.
- From the drop down menu, select Selected configuration.
- Under Junos Pulse section, select From ALL connections.
- Under Push configuration, select the available targets and click Add ->. Click Push Configuration.
- When deploying Pulse Secure Desktop Client via a pre-configuration file, make sure to download the latest pre-configuration file from the PCS device. This will ensure the latest connection
guid and version numbers will match between the Pulse Secure Desktop Client and device.
