07-30-2012 06:09 AM
Running an SA2000 on 6.5R7
I can confirm that the mentioned solution within Mountain Lion (Allow App download -> AnyWhere) must be allowed at least once by users needing to use ProperJavaRDP.zip etc (unsupported by Juniper afaik) At least works well in our environment! ( (in following sessions this app is already available to the Mac, so the settings can be changed back if wanted))
07-31-2012 10:50 PM
This is very strange.
I've figured out why applets some times will not load in Mountain Lion. Check out the screenshot - you'll see that ML refuses to trust the certificate because the key size is unsupported.
Note however in the 2nd screenshot, sometimes applets are signed with a different certificate that is fully trusted (issued by Verisign) and has no keysize or other issues. When applets are signed with this cert, everything is fine and the user can opt to allow the applet to run.
What I haven't figured out yet is what controls which certificate is used to sign the applets. It seems to me at the moment to be random.
We're currently running 7.1R6 in production.
08-01-2012 11:09 AM
Does anyone know if the Apple firewall has the potential to interfere with the HC install under either Mountain Lion or Lion? I have one Mac that sits at the HostChecker screen indefinitely and we just found out that it has the firewall enabled.
When time permits I will disable the FW and retest.
08-03-2012 07:50 AM
I have a user who is continuing to have issues with Mountain Lion. Specifically the Pulse client is uninstalled after each reboot. I've verified that he can execute from any source. I've ensured that Java is installed and enabled in safari. I don't knwo what else to try.
08-03-2012 07:53 AM
I have this same exact problem.
In looking at the logs it seems that the Junos Pulse Client does not have the proper Entitlement priviledges that are required in Mountain Lion...
08-03-2012 08:07 AM - edited 08-03-2012 08:08 AM
Interesting. I'm curious if the certificate that is used to sign the applets is related to the ports that you are presenting your signed SSL certs on. I'm assuming that you are using a real (public) SSL cert on the site that users connect to. Here's what I'm getting at. Are you still presenting the default, self-signed certificate that the SA creates during setup on your outside interface? Under the 6.x IVE, it would create a "secure.companyname.com" self-signed cert.
08-07-2012 02:44 PM
We have host checker disabled, but on two systems we are experiencing the issue. On two other systems we are not having the issue. All systems involved were upgraded from Lion. Nothing we can find distinguishes the affected systems.
08-08-2012 03:20 AM
We are also facing the same Pulse uninstall issue on our current OSX Mountain Lion ... Digital Marketing people in our company is using only Apple solutions and OSX Mountain Lion has been deployed on their platform ... they are not anymore able to gain VPN SSL access in our telecom infrastructure ... is there any news from Juniper to solve this major issue ? We have open in parrallel a case with Juniper ... let's see ...
08-08-2012 05:17 AM
With the Junos install package still needing an adjustment to prevent it from uninstalling on Mountain Lion after a reboot, we have found a way to fix it locally.
The uninstall is caused by a script being executed at startup. It is located in /Library/LaunchDaemons. It is called "net.juniper.UninstallPulse.plist"
Just delete it and the problem is gone.
Would be good if Juniper can confirm this is a proper workaround, while we are all waiting for a new release....
08-15-2012 05:15 PM
We are working on getting an update out by the end of the month, possibly next week if all goes well. As a Mac user myself, I'm right there with the rest of you and not really satisfied having to go back to Network Connect.
Kevin Peterson, CISSP
Sr. Product Manager
08-16-2012 12:55 PM
Upgraded our SA2500 to 7.2 R2 from 7.1 and can't get past host checker on my 10.8 Mac.
I'm seeing this in syslog:
<Notice>: killed JuniperSetupClientInstaller.osx[pid 11055] because its use of the version entitlement is not allowed
I guess there are still no workarounds other than disabling host checker?
Can the IVE safely be rolled back to the latest 7.1 code?
When is a fix planned please?