We’ve come into the office today to discover a new issue with our Pulse Secure VPNs.
We have actually two Pulse Secure VPNs, one is a physical cluster of two PSA-3000’s, the other is a single virtual VMWare hosted PSA3000-V appliance. The issue is happening to all clientless users only, not full tunneled PDC clients. and it happens when they sign into either one our VPNs. The two VPNs are hosting two different clientless login web links for users to login to. All clientless users fail host checker when they login. Although the clientless users fail host checker, they are actually then taken to the main landing page where they can select what resources they wish to connect to that we’ve configured for them, but from here they are unable to launch any Terminal Services sessions at all. I have a test laptop which I’ve been testing with from inside our company LAN. This has been experiencing the issue, and we’ve also had calls from other users using their own laptops who are external third party employees which also fail experiencing the exact same problems outside of our LAN. When you are at the clientless VPN landing page, if you attempt to launch a Terminal Services session, a message box appears with reference to ‘Pulse Secure Setup Client’ saying ‘Failed to verify the downloaded application. Application cannot start’. So the issue appears to be something to do with ‘Pulse Secure Setup Client’. I already had Pulse Secure Setup Client installed on the laptop. So I attempted to un-install it and re-connect. However, the setup client won’t re-install at all now when logging into the VPN via any web browser – it’s something that normally should work.
Does anyone have any idea of why this is happening or what might be causing this? Users have told me it was working fine on Friday just gone (9th April 2021). They were logged in fine that day, they think the issue began over the weekend.
I had been wondering if it might be caused by an expired certificate, but a check of all certificates on both VPN appliances shows that no certificates have expired since Friday.
I’ve been told from pulse secure it’s a global issue and was given this article.
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/
temporary solution, change client machine DATE to 4/10 or earlier.
From elevated command line “date 04-10-2021”.
Sign in and connect to terminal services
Go back to command line and set date back to 04-12-2021
I actually found statements in the 2-3 latest release notes, saying that this certificate would expire 4/12/2021.
I think someone at pulse made a big oopsie and forgot to add it to their calendar…
Yeah, the really screwed the pooch big time on this deal! I’m guessing millions of people are broken at the moment. Right now you have 2 choices
- Run the current version of software and have everyone set their client computers to 4/10 every time they connect, this will however get very annoying after a while.
- Bite the bullet and upgrade your appliances and have all of your users uninstall all Pulse components on the machines (reboot), then reconnect to your appliances. If you have 2 active appliances you could have some people using the work around to the old appliance and people with the upgraded going to the upgraded one, but you can’t mix them as the client needs to match exactly with the appliance it’s connecting with.
Right now our general appliance on the old version which user can connect to is they do the date adjustment, but if they dan’t do that (IT lockdowm of some sort) they’ll need to uninstall and reinstall the (new) Pulse components to be functional.
Overall the whole thing sucks and Pulse left millions out in the cold fending for thenselves, all because of some stupid cert issue…
Nice work!
I have a few customers complaining that the Launcher is marked as a threat after the upgrade, mostly by Defender and Symantec.
Another customer is having an issue with the PDC upgrade window popping up after every connection. Nothing happens when users upgrade.
Is anyone else seeing these issues?
Yeah, they super blew it where software they created can’t properly authenticate against something else they created
Starting a new remote job today that requires this and found this thread. This solved the issue for me, thanks!
yes, people on Pulse Secure’s twitter page are apparently angry and saying bad things about the company. A bad day for any PSA owner it seems.
Agreed.
Just read the new words on touching every client. This really sucks.
Not a client admin but I guess however it can be done with executing the BAT through a GPO?
One strange thing is that my customer can login and get through even though they use host checker. But terminal services is a no no, until he migrated to HTML5 apps.
I can imagine, luckily only one of my customers are affected with quite minor impact. I’m guessing the big companies might have quite the issues with thousands of clients using PCS.
Thanks for the twitter tip, need to read it.
That’s the thing with HTML5 is it’ll work, no client needed, just sucks you can’t use 2 screens!
We just upgraded both of our appliances this weekend so we’ll see what happens tomorrow!
Good luck man
Nice, hope it turns out well.
I’m doing one upgrade tomorrow to 9.1R10.2