Pulse Secure is not working

Asifahmed
New Contributor III

If I install Pulse Secure 9.1.15 version on mac manually it works, but when I am deploying via JAMF policy, it doesnt work, it is not picking up VPN URL and if I put the VPN URL and try to connect, it says failed to connect pulse service.  Any help will be appreciated.

6 REPLIES 6

sdagley
Esteemed Contributor II

@Asifahmed How did you create your Pulse Secure package for Jamf Pro? It's been a while since I've packaged that since we're now using a different VPN, but as I recall you had to have several additional files in the directory with the installer when running it.

Asifahmed
New Contributor III

I took the .dmg file of Pulse Secure V9.1.15 from my network security team who have the access in vendor portal. I did a deep clean for old Pulse secure v9.1.11  and installed the .dmg file with normal snapshot method of composer. Do you think we should go for different way to package it?  Some times if I run the .dmg file, under applications folder one corrupted icon of pulse comes which doesn't woks anymore. If I run my old policy to install v9.1.11 and then run the policy for Pulse v9.1.15 then it works. Dont know what is going on. Please let me know what is the best way to package Pulse Secure app and what are path is needed to capture to build the package. 

sdagley
Esteemed Contributor II

@Asifahmed Capturing the Pulse Secure install via Composer is not what you want to do. Your network security team should have access to a script that will take the PulseSecure.pkg plus the configuration and branding files for your org and create a .dmg that you can run the install from. My deployment method was to take that .dmg and put it into a .pkg with a post install script that mounted the image and then ran the installer. I'll have to look for a copy of that script.

Asifahmed
New Contributor III

I am going to explain you in more detail. Previously we were using Pulse v9.1.11 and there was an issue and came to know that V9.1.15 is need to fix this issue. So I asked the source package for V9.1.15, network security team provided that source from vendor's site. I opened the previous policy in Jamf and seen two files are there, one is app package and another is configuration file. I opened the previous package(v9.1.11) in composer and seen one postinstall script is there and apart from /application no other file is captured before. So I installed manually the .dmg I got from network security team and by snapshot and also by drag and drop method I built a package for new version 9.1.15 adding the same postinstall script with /applications file only(removing others like /library/application support and /Library/daemon, user/my username) and same configuration file. Now did a clone of my previous policy(v9.1.11)  and added the new app package for v9.1.15 keeping others two same(configuration file and command to populate the server URL). If I deploy this policy after removing the previous version(9.1.11) completely(deep clean) it doesnt work. It says failed to connect Pulse service. But I remove the previous app from /applications only and run the new policy(v9.1.15) then it work.  Any reason and what is the fix here?

Asifahmed
New Contributor III

I am going to explain you in more detail. Previously we were using Pulse v9.1.11 and there was an issue and came to know that V9.1.15 is need to fix this issue. So I asked the source package for V9.1.15, network security team provided that source from vendor's site. I opened the previous policy in Jamf and seen two files are there, one is app package and another is configuration file. I opened the previous package(v9.1.11) in composer and seen one postinstall script is there and apart from /application no other file is captured before. So I installed manually the .dmg I got from network security team and by snapshot and also by drag and drop method I built a package for new version 9.1.15 adding the same postinstall script with /applications file only(removing others like /library/application support and /Library/daemon, user/my username) and same configuration file. Now did a clone of my previous policy(v9.1.11)  and added the new app package for v9.1.15 keeping others two same(configuration file and command to populate the server URL). If I deploy this policy after removing the previous version(9.1.11) completely(deep clean) it doesnt work. It says failed to connect Pulse service. But I remove the previous app from /applications only and run the new policy(v9.1.15) then it work.  Please let me know if your steps may a positive result.

Hi Asifahmed!

The portion that may be having some difficulty is the configuration file import. Specifically the jamCommand i.e.

PULSE_CONFIG_PATH="path to pulse config file"

/Applications/Pulse\ Secure.app/Contents/Plugins/JamUI/jamCommand -importFile ${PULSE_CONFIG_PATH}
 
I would recommend looking to pivot to using the .pkg based installer your Network/VPN admin can obtain from the portal. This way you can take advantage of the vendor prepared pre and post install scripts that are a part of the installer to help with upgrade in place as well as fresh installs.

I have personally had the most success crafting an installer that caches the .pkg and config file into tmp, and then running the command: installer -pkg "path to PulseSecure.pkg" -target / followed by the /Applications/Pulse\ Secure.app/Contents/Plugins/JamUI/jamCommand -importFile ${PULSE_CONFIG_PATH} command via a post install script.