Reset Search
 

 

Article

KB44792 - How to remove old client side components via Stand-Alone Pulse Desktop Client to resolve the Pulse Desktop Client Upgrade issue?

« Go Back

Information

 
Last Modified Date5/6/2021 4:05 PM
Synopsis
This article describes the steps to remove old Client-side components via Stand-Alone Pulse Desktop Client.
Problem or Goal
The end-point devices that have the Old Client Components need to be removed manually or via Uninstallers (KB4781). Without performing this activity, they cannot connect to the PCS servers via Browsers that have the certificate fix (9.1R8.4/9.1R9.2/9.1R10.2/9.1R11.3 and above). This also affects Pulse Desktop clients' upgrade although the functionality via the stand-alone PDC clients isn't impacted.
However, End users who use Standalone Pulse Desktop Client can leverage the procedure outlined here to automatically clean up the old client components and upgrade Pulse Desktop Client.

The Solution is applicable to:
  • Windows End-Points.
  • PCS 9.1R8.4/9.1R9.2/9.1R10.2/9.1R11.3 and above
  • The above mentioned PCS should host PDC version 9.1R11.3 or higher only.

     
Cause
Solution
Please use the PulseUpgradeHelper as per the guidelines provided below,

1.    Identify a file location where the end-users can access upon successful VPN connection. Ensure that share is “Read-Only” for security reasons.
2.    Check the sample script below, create a BAT file and place it along with the PulseUpgradeHelper.exe (attached) in this identified location.

Sample Script Content (Paths can be modified if needed):
@echo off
title Pulse Upgrade Helper
SETLOCAL EnableExtensions
set PUH_NAME=PulseUpgradeHelper
set PROC_NAME=%PUH_NAME%.exe

md %TEMP%\PulseSecure\%PUH_NAME%
cd %TEMP%\PulseSecure\%PUH_NAME%
xcopy \\<IP_OF_THE_SMB_SHARE>\<SUB_PATH_TO_DIR_CONTAINING_TOOL>\%PROC_NAME% /K /H /Y
%PROC_NAME% -ive: <FQDN_OR_IP_OF_PCS>

:CHECKAGAIN
FOR /F %%x IN ('%WinDir%\System32\tasklist.exe /NH /FI "IMAGENAME eq %PROC_NAME%"') DO IF %%x == %PROC_NAME% goto FOUND
echo Not running
goto FIN
:FOUND
echo Searching for %PROC_NAME% process; Polling after 10 seconds
%WinDir%\System32\timeout.exe /t 10
goto CHECKAGAIN
:FIN
echo %PROC_NAME% is not running
del /f /q %PROC_NAME%

echo "This script will now self-destruct. Please ignore the next error message"
del /f /q "%~f0"

echo Done
Note: Please be aware that there is a space in %PROC_NAME% -ive: <FQDN_OR_IP_OF_PCS>
 
FilenameHashes
PulseUpgradeHelper.exeMD5: 7AB00451C724270A8AD5199E82DC84FC
SHA256: DD95F634BB5E9E460BE6CACF5D58C346BC4E38BB5FE333081388F7A98F4822B9

3.    Configure the "Session start script" by navigating to the path below from Pulse Connect Secure (PCS) server.
  • Users -> User Roles -> Choose the Role(s) -> VPN Tunneling.
  • Configure the batch file location under the "Windows: Session start script" option. For e.g. \\<Share>\PulseUpgradeHelper.bat and Save Changes.
 Note:
  1. Please avoid configuring this on affected PCS versions per KB44781. Ensure that those affected PCS versions including 9.1R7 or below are also upgraded to PCS versions that have the fix before configuring this script.
  2. IE users should remove any iexplore.exe (Internet Explorer instances) from the task manager.
  3. All per-user components will be uninstalled.
  4. The end-point should have a functional Pulse Desktop Client (9.0x and above are compatible) installed for this to work as this is a Post VPN start script.
  5. Customers who would like to only clean up old client components and do not want to upgrade PDC, can disable "Auto Upgrade/Web installation" on PCS.
  6. The Pulse Upgrade will trigger only if PCS is hosting a newer PDC release. No action is taken if PDC installed is the same as PDC hosted on PCS.
  7. Hybrid users (Browser/Stand-Alone PDC users) will be benefited from this as it is applicable to all Supported browsers (IE, Chrome, FF, etc.,).
  8. PDC upgrade (if configured) will be triggered after the client component cleanup without prompting for elevation (This is currently interactive and won’t need any rights elevation from the end-users as it runs in the Pulse installed context).
  9. This script will not re-run on machines that have Old Client components already removed.
  10. This is not supported for PDC use cases where SAML with External Browser with HC Enabled is used.

 
Related Links
Created ByRaghu Kumar

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255