KB45134 - Pulse Secure client fails to popup embedded browser on Windows Machine.

This article describes about the Pulse desktop client fails to popup the embedded browser for SAML authentication post clicking on connect on windows machine.

When user is requested SAML for authentication and has "embedded browser for authentication" enabled. When clicks on connect it goes no where and does not pop up the embedded browser and gives Timeout error. If you use browser Like IE or Chrome SAML authentication it works.

This issue is seen when we look into the below Registry path, we can see values like below.
Computer\HKEY_CURRENT_USER\Software\Pulse Secure\SAML

samlbottom = ?4294935726? DEC
samlleft = ?4294935296? DEC
samlright = ?4294935730? DEC
samltop = 4294935296? DEC4.

The Issue occurs on below scenario.
If a user has 2 monitors, extended monitor is configured on the left side to the main monitor.
In this case, if embedded browser is moved to second monitor, the window coordinates are calculated as negative values and stored in the registry.
While reconnecting, if the end user working with single monitor, he won't see the embedded browser window. 

If we look into the client end debug log. Able to see below log output. 

SMM30 Pulse.exe Pulse p14708 t3BCC WebBrowser.cpp:69 - 'JamUI' WebBrowser::QueryService invoked

SMM30 Pulse.exe Pulse p14708 t3BCC WebBrowser.cpp:1028 - 'JamUI' Unsuccessful execution of InternetGetCookie on location: [https://oidc.vip.symantec.com/47a45c795fd574577a61c056cc1f6081/oauth/authorize]. - Error: 0x103?

Workaround:
Changing the registry values or reposition the values will fix the issue.
samlbottom = 1013 DEC
samlleft = 100 DEC
samlright = 1709 DEC
samltop = 100 DEC

The similar issue with positive values fixed, will be a part of PDC R16 release which is expected to be out by mid of July (tentatively)