Skip to main content

HI Jamf Nation,



I am running into a weird issue in which installing Junos Pulse when installed manually is able to start and add connections just fine. However, when packaging the app in Composer using the normal snapshot method, and packaged as a DMG. Has anyone experienced this or know of a fix? I have attached screenshots below. Thanks!



I get the following error:



Failed to connect to the Pulse Secure service.



This is what it should look like, done with normal install



This is after packaging with composer as a DMG using the snapshot method, Pulse Secure is turned off.



This is the error I receive when trying to add a connection from the DMG that was packaged.

We use Pulse and there is an install script that is required to run in order to get it installed. My install policy copies the actual installer pkg and a configuration file to /users/shared/ and then a script runs that calls upon the installer to reference the files. I was given the installer script by our Network team. I presume it's a script that was provided to them by Junos. You may want to look down that avenue. I would seriously doubt a snapshot is enough to get things working because it's a service that is basically always running and something (maybe a LaunchDaemon?) needs to get it going.

I have a snapshot package that I use to install Junos during imaging and stand alone if needed. I have baked in our configures. After the install we need to run a script to make sure each computer is getting a unique GUID so that when connecting machines don't kick each other off.



We used to see that error as well and after updating my package to the latest version it hasn't seemed to be an issue. Pulse 5.1.5 (60701)



Below is the script I created to do so. 



#!/bin/bash

# stop pulse access service

# remove local guid from connstore.dat

# restart service

sudo launchctl unload /Library/LaunchDaemons/net.juniper.AccessService.plist

sudo rm -rf /Library/Application Support/Juniper Networks/Junos Pulse/DeviceID

sudo sed -i .bak "/guid/d" /Library/Application Support/Juniper Networks/Junos Pulse/connstore.dat

sudo launchctl load /Library/LaunchDaemons/net.juniper.AccessService.plist

Looks like @rtrouton has a guide on deploying Pulse that looks pretty solid:
https://derflounder.wordpress.com/2015/03/13/deploying-a-pre-configured-junos-pulse-vpn-client-on-os-x/

In the past few years I have just copied the Pulse Secure app straight to casper admin, with "install on boot drive after imaging" selected.



We have a second .pkg with the custom .jnprpreconfig file install in a temp location, and in our 1st log in script we just have a line....



/Applications/Pulse Secure.app/Contents/Plugins/JamUI/jamCommand -importfile /temp location



( I think that is straight from the manual/deployment guide many years ago) : )



I haven't ever had to do this on an "in use computer" but once in testing possible BYOC ( years ago) with self service or pushed in a policy but I kinda remember that it need a reboot...



If you are using script I think the one of the most recent versions changed the internal names to Pulse Secure instead of Junos Pulse... too so watch out for that ...



C

+1 to @emily 's suggestion of @rtrouton 's blog post above. That is the most reliable method of deploying and auto configuring Junos Pulse / Pulse Secure.

I ran into the exact same issue when using Composer. I was able to get the install working by copying the .pkg (the one you use to manually install) to the computer then installing it using the command:



/usr/sbin/installer -pkg <location of the .pkg> -target /



So far this method is working for me through Self Service
Odd part is that the Composer version works when used with Capser Imaging but not through Self Service



m/

I never could get the profiles to just 'work' but with some digging I found that you can use Pulse's little advertised command line tool to import them.



So I have a package that I run separate from the app. It puts a file I received from our netsec group (it's just a text file so I was able to rename the connections as we pleased) in /tmp, then runs the ocmmandline tool to import that, and finally removes the original file.



#!/bin/bash



open /Applications/Junos Pulse.app/Contents/Plugins/JamUI/PulseTray.app



/Applications/Junos Pulse.app/Contents/Plugins/JamUI/jamCommand -importfile /var/tmp/ConfigDeploy.jnprpreconfig



rm -rf /tmp/ConfigDeploy.jnprpreconfig

Thank you all for your responses. Once I get the VPN configuration from my admin I will let you know the results of @rtrouton 's guide.

I have just been tasked with trying to get this to work. I have followed @rtrouton guide, and it does not work for me.
Being a new person to Mac, I am taking the unlikely road of "hey just take what he did and rename a few things and hope it sticks"
I know i am doing something wrong, as I am kinda flying blind with this.
The new version of Pulse Secure 5.2R4 is obviously named different than the Junos name, so in the script i renamed what I believe is correct.
I am leveraging Casper so I was not sure if there was something that needs to be done differently to the created package in order for it to work, but just running the .pkg on a machine does not install.



I see things like this is the install.log



./postinstall: installer: Error the package path specified was invalid: ''.
./postinstall: hdiutil: detached failed - no such file or directory



So without a doubt it is not working as intended.



If i am deploying it using Casper, do I need to check off "Require Admin password for installation"? I asume so as it is touching the Application folder.



My .pulsepreconfig file has a space in it, so not sure if that also has something to do with it.



This is just a snippet, but you get the idea that is is just a rename of the client and location names...



#!/bin/sh



# Specify location of the Pulse Secure disk image



  TOOLS=$install_dir/“PulseSecure.dmg"



# Specify location of the Pulse Secure configuration file



  VPN_CONFIG_FILE=$install_dir/"My Company.pulsepreconfig”



# Specify a /tmp/pulsesecure.XXXX mountpoint for the disk image



  TMPMOUNT=`/usr/bin/mktemp -d /tmp/pulsesecure.XXXX`



# Applying VPN configuration file

#



if 
i -d "$3/Applications/PulseSecure.app" ]]; then



    echo "Pulse Secure VPN Client Installed"

    "$3/Applications/PulseSecure.app/Contents/Plugins/JamUI/./jamCommand" -importFile "$VPN_CONFIG_FILE"

    echo "VPN Configuration Installed"

else 

    echo "Pulse Client Not Installed"


Kevin

@kjohnson,



I think the script is being messed up thanks to smart quotes. I've marked in the script where I see them.



Smart quotes are not recognized as legal quote marks when the script is run, which may be why you're having issues. For more information, please see the link below:



https://derflounder.wordpress.com/2014/02/01/disabling-smart-quotes-in-mavericks/



@kjohnson If you're using Text Edit then the defaults are for it to replace things like straight quotes with curly quotes, three dots with an ellipse, etc. You can turn all that off by going to Edit > Substitutions. You can turn on/off specific ones, or edit them.

@rtrouton Well i learn somethign new everyday. I will look into that and see if that is indeed the case.



@cwaldrip I was actually using textwrangler, but i did not change any of the default settings. I will look into Text Edit and see if i can make those changes to fix it and try again.



thanks guys!

Well that looks to have helped. It now installs, but the configuration file does not appear to import (postinstall).



If i understand the install.log, it is saying that it can't find the configuration file.



I am just running the package manually on a machine to test.



So i am definetly in the right direction now..

Here's what I'm currently using for my Pulse Secure postinstall script:



#!/bin/bash



# Determine working directory



install_dir=`dirname $0`



#

# Installing Pulse Secure

#



# Specify location of the Pulse Secure disk image



  TOOLS=$install_dir/"PulseSecure.dmg"



# Specify location of the Pulse Secure configuration file



  VPN_CONFIG_FILE=$install_dir/"Filename_here.jnprpreconfig"



# Specify a /tmp/PulseSecure.XXXX mountpoint for the disk image



  TMPMOUNT=`/usr/bin/mktemp -d /tmp/PulseSecure.XXXX`



# Mount the latest Pulse Secure disk image to the /tmp/PulseSecure.XXXX mountpoint



  hdiutil attach "$TOOLS" -mountpoint "$TMPMOUNT" -nobrowse -noverify -noautoopen



# Install Pulse Secure



  /usr/sbin/installer -dumplog -verbose -pkg "$(/usr/bin/find $TMPMOUNT -maxdepth 1 ( -iname *.pkg -o -iname *.mpkg ))" -target "$3"



#

# Applying VPN configuration file

#



if [[ -d "$3/Applications/Pulse Secure.app" ]]; then



    echo "Pulse Secure VPN Client Installed"

    "$3/Applications/Pulse Secure.app/Contents/Plugins/JamUI/jamCommand" -importFile "$VPN_CONFIG_FILE"

    echo "VPN Configuration Installed"

else 

    echo "Pulse Client Not Installed" 

fi



#

# Clean-up

#



# Unmount the Pulse Secure disk image



  /usr/bin/hdiutil detach "$TMPMOUNT"



# Remove the /tmp/PulseSecure.XXXX mountpoint



  /bin/rm -rf "$TMPMOUNT"



exit 0


I just tested it today with Pulse Secure 5.2.5.869, as that's the newly-released Sierra-compatible Pulse Secure VPN client:



https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40245

@rtrouton Thank you. I copied what you had and everything worked perfectly. I think it may have been how i did the sudo part.
Either case things are working.

I've run into a strange issue with jamCommand.



Setting this up, both the above mentioned way, and an alternative way mentioned below, and running it from Self Service I get an error.



To see where it was going wrong, I manually ran the commands in terminal and found that the Pulse client opens and prompts for a username and password on the jamCommand step. I cant figure out why its doing this, I have tired different versions of PulseSecure, compared my jnprpreconfig config with others that use this, and I don't see anything different. Wiped the machine and started again, you name it! Its a real mystery at the moment.



I also discovered perhaps an easier way to do this too, rather than create a package with the script and config file inside it, install the regular PulseSecure pkg/dmg, then add a simple script to JSS and run it to to echo out the jnprpreconfig and run jamCommand:



#!/bin/sh

# VPN Config Scirpt

# Write out config file to /tmp

cat <<EOF >/tmp/tpus.jnprpreconfig

## paste the contents of your jnprpreconfig file here

EOF

# Import Config into VPN Client

"$3/Applications/Pulse Secure.app/Contents/Plugins/JamUI/jamCommand" -importfile /tmp/tpus.jnprpreconfig

rm /tmp/tpus.jnprpreconfig


I figure this way, you don't have to create a custom package, and the script is easily editable via JSS.

Issue that I have is that deploying Pulse Secure with the jnprpreconfig import still requires a full restart to display the list of connections in the Connections window. The install packages works. Not great UX.



I would like to avoid having to restart the Mac.



I am looking into how to unload and load the correct Daemon / Agent to get the connections to show up in the Connections window. Suggestions?



This command does work to unload the PulseTray or menu bar item:
sudo -u <user> launchctl unload /Library/LaunchAgents/net.juniper.pulsetray.plist



However, unloading and loading the PulseTray does not refresh the list in the Connections window.



This command does not work, resulting in "Could not find specified service":
sudo /bin/launchctl unload /Library/LaunchDaemons/net.juniper.AccessService.plist



My guess is that the syntax is wrong. Ideas? Thank you!

I package the installer I get from Junos and the jnprpreconfig file and put them in /Users/Shared/Pulse/ but you could put them in /tmp/Pulse if you wanted. This is the script I use and it works fine. NEW in 5.2.5: The name of the installed app is now just "Pulse Secure.app" The installer leaves behind an invisible "Junos Pulse Secure.app" If you're upgrading from the old version. I have a subsequent script to delete that too after the installation is complete.



#!/bin/sh



# Change working directory

cd "/Users/Shared/Pulse/"



# Install Pulse Secure software

/usr/sbin/installer -pkg PulseSecure 5.2.5.pkg -target /

sleep 1



/bin/chmod +x /Applications/Pulse Secure.app/Contents/Plugins/JamUI/PulseTray.app/Contents/MacOS/PulseTray

/bin/chmod +x /Applications/Pulse Secure.app/Contents/MacOS/Pulse Secure

/bin/chmod +x /Applications/Pulse Secure.app/Contents/Plugins/JamUI/jamCommand



# Launch the Pulse Tray

/usr/bin/open -a '/Applications/Pulse Secure.app/Contents/Plugins/JamUI/PulseTray.app/Contents/MacOS/PulseTray'

sleep 1



# Open Pulse Secure in the background and then hide the app

/usr/bin/open --background -a '/Applications/Pulse Secure.app/Contents/MacOS/Pulse Secure'

/usr/bin/osascript -e 'tell application "System Events" to set visible of application process "Pulse Secure" to false'

sleep 1 



# Import the company VPN settings. Specify your file here

/Applications/Pulse Secure.app/Contents/Plugins/JamUI/jamCommand -importFile MyCompany.jnprpreconfig  

sleep 1



# Quit  the Pulse Secure app

/usr/bin/osascript -e 'tell application "Pulse Secure" to quit'

sleep 2



# Open Junos Pulse in the background a second time and then hide the app

/usr/bin/open --background -a '/Applications/Pulse Secure.app/Contents/MacOS/Pulse Secure'

/usr/bin/osascript -e 'tell application "System Events" to set visible of application process "Pulse Secure" to false'

sleep 5



# Quit  the Junos Pulse app

/usr/bin/osascript -e 'tell application "Pulse Secure" to quit'



# cleanup after installation

rm -Rf /Users/Shared/Pulse



exit 0

Thanks @AVmcclint
I appreciate the help.

The script from @rtrouton and using a few commands from @AVmcclint works well, no issues.



Question anyone run into the pulse app always prompting for credentials to connect after reboot and or login and logout?



This only happens when using an imported configuration.



Gracias

You may want to speak with your network engineers or whoever built the Pulse configuration file for you. I've learned that they can lock down or open up and control certain aspects of how the Pulse program works via that config file. It sounds to me like maybe there's a setting within it that forces the computer to automatically reconnect. Whether that's by design or by accident would be for your network team to address and possibly give you a new config file. If they do that, then you'll have to run through the installer all over again to import the new config file.

I figured that was it.



I received another but there were issues. I am working with my Net-Team.



I am still testing at this point but once I get/if I get this I will post up.



Thank you.

Hello,



I am new to Jamf and Macs. I have packaged the pulse secure with all the company connections using Composer. I was also verified that the connstore.dat file is stored in /library/application support/pulse secure/pulse/connstore.dat has the connections listed. When installing the package on a new Mac, i do not see any connections listed, yet i can see it listed in the path above. I assume I need to use one of the scripts above to get the connections listed? If so, which one and how do i create the *.jnprpreconfig file? Can you also explain how to import this script to JSS so it runs after the pulse install?



Thanks!

Please disregard, after reboot, i was able to see the connections!



Thanks

Pule Secure or junos goes to Jamf mdm to confirm mac is compliant. Is it possible, if yes how can be possible?

Reply


Terms & ConditionsCookie settings