Your browser is not supported.

This website is optimized to work in modern browsers like Safari 3+, Firefox 4+, Chrome 10+ and IE9+. If you are using a different browser, you may experience visual glitches or other problems.

Next:

Previously:

30 Sep 2009

Snow Leopard and Juniper Network Connect

Update 2009/10/29 11:18—Updated the path on the final setuid command per commenter David.

 

If you use a Mac as your work machine, chances are that you’ve had to use VPN at some point, and therefore the current de facto SSL VPN client, Juniper Network Connect. If you’ve recently upgraded to Snow Leopard, you’ve probably already run into the problem of NC not working correctly, and likely found the common solution to fixing the problem.

This solution works great if you’ve got a fully functional installation of NC, but what happens if your installation has become corrupted on Snow Leopard? What if, for example, some of the installation files are corrupted or missing, but some aren’t? That’s what happened to me, and here’s how I fixed it.

So if your installation is corrupt, the auto-install through a web browser won’t work for you, because there are some residual files and the application can’t tell whether it’s fully installed or not. Chances are what will happen is that the installation files will get downloaded, but the install itself will fail because some of the files from your corrupt installation are still there.

The easiest way to fix this is to get a hold of the NC install .dmg and run the installer app; your company’s IT organization will likely be able to get it to you without too much trouble. If you don’t have access to the .dmg installer, however, then your life will be significantly more difficult; you’ll have to manually uninstall and reinstall the application, as follows (note that you’ll need root access on your machine to be able to do these steps):

  1. Delete the files from the old installation:
    1. From /Applications, delete Network Connect.app if it’s there.
    2. From /Library/Frameworks, delete net.juniper.DSApplicationServices.framework, net.juniper.DSCoreServices.framework and net.juniper.DSNetworkDiagnostics.framework if present.
    3. From /Library/Internet Plug-ins, delete net.juniper.DSSafariExtensions.plugin if present.
    4. From /Library/Widgets, delete Network Connect.wdgt if present.
    5. From /usr/local, delete the juniper folder if present.
  2. Now, if you’ve already tried and failed to install NC through the browser, you should already have a PAX archive downloaded to /tmp. If you don’t, try to do the autoinstall, and after it fails, the NetworkConnectBinaries.pax file will be there. Extract the archive by double-clicking on it. Inside, it contains three top-level folders: Applications, Library, usr. Their contents echo the folders that we removed files from in step 1.
  3. Copy the contents of the archive into the folders on your system with the same name:
    1. Put Network Connect.app into /Applications.
    2. Put net.juniper.DSApplicationServices.framework, net.juniper.DSCoreServices.framework and net.juniper.DSNetworkDiagnostics.framework into /Library/Frameworks.
    3. Put net.juniper.DSSafariExtensions.plugin into /Library/Internet Plug-ins.
    4. Put Network Connect.wdgt into /Library/Widgets.
    5. Put the juniper folder into /usr/local.
  4. Now for the complicated part. First, make sure /usr/local/juniper is owned by root:wheel by launching Terminal.app and typing the following command at the prompt: sudo chown -R root:wheel /usr/local/juniper.
  5. Perform the two steps recommended in the tutorial I linked above:
    1. sudo chmod 755 /usr/local/juniper/nc/[version number]/
    2. sudo mkdir '/Applications/Network Connect.app/Contents/Frameworks'
  6. Finally, set the setuid bit on a couple of the files:
    1. sudo chmod 4711 /usr/local/juniper/nc/install/ncinstallhelper
    2. sudo chmod 4711 /usr/local/juniper/nc/[version number]/ncproxyd

After following these steps, you should be able to run Network Connect as normal.

27 responses to “Snow Leopard and Juniper Network Connect”:

  • Alex said:

    Thank you so much for this. I’ve been trying to get my NC to work for weeks now. You are the man.

    October 9th, 2009 at 3:19 am

  • Richa said:

    Ha, my pleasure. I’m glad I could be of help.

    October 9th, 2009 at 6:17 am

  • Rich said:

    Big, big help. Thank you.

    October 14th, 2009 at 2:58 pm

  • David said:

    THANK YOU!
    One quick correction on the last line:
    sudo chmod 4711 /usr/local/juniper/[version number]/ncproxyd
    should be
    sudo chmod 4711 /usr/local/juniper/nc/[version number]/ncproxyd

    Richa, you really helped me out a LOT and I’m grateful you posted this. Thanks again.

    October 29th, 2009 at 10:16 am

  • Richa said:

    Oh, good catch. Thanks! I’ve updated the post to reflect this.

    October 29th, 2009 at 10:21 am

  • Hancks said:

    GREAT!! IT WORKS

    You really helped me.

    Thanks very much

    November 14th, 2009 at 1:14 pm

  • Mike said:

    Thanks for the post. I have a problem though.
    I accomplished “Juniper Network Connect” to sign-in the network of my work. However I could’t connect to internet after Network Connect successful signed-in. It shows zero received/send bytes in its window. I closed network monitoring in Little Snitch program and allowed all possible addresses as an exception for pop-up blocks.
    Is there any solution for this problem?
    thanks

    November 19th, 2009 at 11:29 am

  • Richa said:

    @Rich, David and Hancks: You’re very welcome. Glad I could help.

    @Mike: sorry for the late reply. Were you ever able to get this working? If not, could you send a screenshot of what’s happening to the address in the footer?

    November 21st, 2009 at 8:13 pm

  • Jörg said:

    Richa, you made my day !
    Thanks a lot and happy holidays.

    joerg.

    December 23rd, 2009 at 1:59 pm

  • Sam said:

    Richa,
    I am trying to complete step 2 :-) I know, I didn’t get very far. But where on earth do I get the PAX archive ? I do have the .dmg for NetworkConnect 6.5R2 Mac but when I run it I don’t have any of the files that you are suggesting I move into appropriate folders. Any assistance would be appreciated. I have installed on 3 other computers and everything works. For some reason on this particular system I can’t get things going.

    Sam

    January 7th, 2010 at 3:58 am

  • lautaro said:

    I cant find the PAX archive either. i did found the juniper folder inside the Firefox.app package (wierd!!).
    is there any other way to get de PAX file?
    thanks

    January 29th, 2010 at 10:02 am

  • Richa said:

    I think they don’t distribute the PAX archive anymore. I have to do some research into what’s going on now, but I’ll get back to you then.

    February 1st, 2010 at 8:34 pm

  • Matthew said:

    Hi, this is the most detailed information I’ve found, but it’s still leaving me stuck. I’m on OS X Snow Leopard, obviously. I made the huge mistake of downloading and installing JNC 6.5 when our network uses 6.0.0. Our tech support sent me the 6.0.0 installer, but when I try to install it, the installer says I’ve a newer version and cannot. Here’s a screen capture: http://imgur.com/QDied.png . Now I went through all your uninstall steps, and even looked at the 6.5 DMG contents and manually went through the entire list. Still the same error. When I had 6.5, I did type these two lines: sudo chmod 755 /usr/local/juniper/nc/[version number]/
    sudo mkdir ‘/Applications/Network Connect.app/Contents/Frameworks’. I’ve since gone in and removed everything from those but still the problem remains. Any guesses would be most helpful…

    February 17th, 2010 at 3:20 pm

  • Johan said:

    @Matthew: Try deleting the package receipt files in:
    /private/var/db/receipts/net.juniper.NetworkConnect.bom
    /private/var/db/receipts/net.juniper.NetworkConnect.plist

    That should let you install an older version (provided you have uninstalled everything else).

    March 16th, 2010 at 10:06 am

  • Adam said:

    Matthew, I’m having the same problem… accidentally installed 6.5 when I really need something earlier. For some reason my machine says that the 6.5 is still installed, although I’ve removed everything from the install. Did you have any luck fixing yours?

    March 28th, 2010 at 6:15 am

  • Matthew said:

    @johan: thank you, though I fixed this another way, so am unable to try your suggestion.

    @adam: I was really stuck trying to install an earlier version than 6.5 (having tried everything except @johan’s suggestion) that I made an alternative admin user on my machine, and installed 6.0.0 from that account, and deployed it to all users. That worked, and has worked for my colleagues. Good luck.

    March 28th, 2010 at 6:11 pm

  • Matthew said:

    I have since had a chance to try @Johan’s suggestion of deleting those two receipts and it also works like a charm.

    April 8th, 2010 at 6:10 am

  • sunil said:

    Matthew,
    I’m on Leopard, not Snow Leopard an am having a slightly different issue, trying to install for the first time. Hoping you may be able to shed some light on this one….(I’ve been trying for aaaaaages).

    The actual installation is failing due to a ‘ Cert check failed with result 3′ error. Below are the logs. The clean-up must remove the NetWorkConnect jar file – nothing is set-up/installed.

    Any help would be greatly appreciated,
    cheers

    NCAppController.:000 (05/05 17:29:23.930)[applet-NCAppController.class] Param cookies=
    DSAppControlThre:000 (05/05 17:29:23.932)[ Thread-45] Beginning install…
    NCAppInstallImpl:000 (05/05 17:29:23.932)[ Thread-45] Checking installed version
    NCAppInstallImpl:000 (05/05 17:29:23.933)[ Thread-45] Installed version is not readable
    DSAppControlThre:000 (05/05 17:29:23.933)[ Thread-45] This version is not already installed
    DSAppControlThre:000 (05/05 17:29:23.933)[ Thread-45] Checking to see if the application is already running
    ../../webserver/:093 (05/05 17:29:23.933)[ Thread-45] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }’” ]…
    ../../webserver/:100 (05/05 17:29:23.945)[ Thread-45] [RuntimeExec] Process ID = java.lang.UNIXProcess@3e53cf
    ../../webserver/:141 (05/05 17:29:23.976)[ Thread-45] [RuntimeExec] ExitValue of waitFor() = 0
    ../../webserver/:166 (05/05 17:29:23.977)[ Thread-45] [RuntimeExec] … done executing [/bin/sh] waitFor()= outputStream=[empty -null output stream-] statusStream=[empty -null status stream-]
    DSAppControlThre:000 (05/05 17:29:23.977)[ Thread-45] Checking to see if the application is already running
    ../../webserver/:093 (05/05 17:29:23.977)[ Thread-45] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xaco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }’” ]…
    ../../webserver/:100 (05/05 17:29:23.983)[ Thread-45] [RuntimeExec] Process ID = java.lang.UNIXProcess@e06de8
    ../../webserver/:141 (05/05 17:29:24.015)[ Thread-45] [RuntimeExec] ExitValue of waitFor() = 0
    ../../webserver/:166 (05/05 17:29:24.015)[ Thread-45] [RuntimeExec] … done executing [/bin/sh] waitFor()= outputStream=[empty -null output stream-] statusStream=[empty -null status stream-]
    DSAppControlThre:000 (05/05 17:29:24.015)[ Thread-45] The application is NOT already running
    NCAppInstallImpl:000 (05/05 17:29:24.016)[ Thread-45] The software is not installed
    DSAppControlThre:000 (05/05 17:29:24.016)[ Thread-45] Fetching [-cached/java/NetworkConnectMac_i386.jar] from the IVE
    DSAppControlThre:000 (05/05 17:29:24.231)[ Thread-45] HTTP response code is 200
    DSAppControlThre:000 (05/05 17:29:24.232)[ Thread-45] -cached/java/NetworkConnectMac_i386.jar server size=[676025] server date=[1219964229000].
    DSAppControlThre:000 (05/05 17:29:24.232)[ Thread-45] [676025] bytes should now be downloaded from the server…
    ../../webserver/:213 (05/05 17:29:24.233)[ Thread-45] copy stream to new file [/Users/muncus/Library/Application Support/Juniper Networks/NetworkConnectMac_i386.jar]
    DSAppControlThre:000 (05/05 17:29:25.061)[ Thread-45] [676025] bytes have been successfully downloaded from the server.
    DSAppControlThre:000 (05/05 17:29:25.062)[ Thread-45] Changing modification date of [/Users/muncus/Library/Application Support/Juniper Networks/NetworkConnectMac_i386.jar] from [1273044565000] to [1219964229000] to match the server.
    DSAppControlThre:000 (05/05 17:29:25.062)[ Thread-45] Fetching [-cached/java/mac_nc_langs/en.jar] from the IVE
    DSAppControlThre:000 (05/05 17:29:25.234)[ Thread-45] HTTP response code is 200
    DSAppControlThre:000 (05/05 17:29:25.234)[ Thread-45] -cached/java/mac_nc_langs/en.jar server size=[47726] server date=[1219964231000].
    DSAppControlThre:000 (05/05 17:29:25.235)[ Thread-45] [47726] bytes should now be downloaded from the server…
    ../../webserver/:213 (05/05 17:29:25.235)[ Thread-45] copy stream to new file [/Users/muncus/Library/Application Support/Juniper Networks/NetworkConnectMac_en.jar]
    DSAppControlThre:000 (05/05 17:29:25.327)[ Thread-45] [47726] bytes have been successfully downloaded from the server.
    DSAppControlThre:000 (05/05 17:29:25.327)[ Thread-45] Changing modification date of [/Users/muncus/Library/Application Support/Juniper Networks/NetworkConnectMac_en.jar] from [1273044565000] to [1219964231000] to match the server.
    NCAppInstallImpl:000 (05/05 17:29:25.328)[ Thread-45] Installing from /Users/muncus/Library/Application Support/Juniper Networks/NetworkConnectMac_i386.jar
    NCAppInstallImpl:000 (05/05 17:29:25.328)[ Thread-45] Extracting NetworkConnectBinaries.pax.bz2 from JAR file /Users/muncus/Library/Application Support/Juniper Networks/NetworkConnectMac_i386.jar and placing it in /tmp
    NCAppInstallImpl:000 (05/05 17:29:25.398)[ Thread-45] Cert check failed with result 3
    NCAppController.:000 (05/05 17:29:25.398)[ Thread-45] Starting quit sequence…
    NCAppController.:000 (05/05 17:29:25.398)[ Thread-45] Cleaning up
    NCAppInstallImpl:000 (05/05 17:29:25.399)[ Thread-45] Failed to execute the install helper: java.io.IOException: /usr/local/juniper/nc/install/ncinstallhelper: not found
    NCAppController.:000 (05/05 17:29:25.399)[ Thread-45] Failed to cleanup
    NCAppController.:000 (05/05 17:29:25.399)[ Thread-45] doQuit trying to load /dana/home/starter.cgi?startpageonly=1
    NCAppController.:000 (05/05 17:29:25.400)[ Thread-45] Loading https://rna.n.nsa.nexus.telstra.com.au/dana/home/starter.cgi?startpageonly=1 in current window
    NCAppController.:000 (05/05 17:29:49.747)[applet-NCAppController.class] Entering NCAppController.init() on Wed May 05 17:29:49 EST 2010
    NCAppController.:000 (05/05 17:29:49.747)[applet-NCAppController.class] New NCAppController session release [null]
    NCAppController.:000 (05/05 17:29:49.747)[applet-NCAppController.class] Build number [null]
    NCAppController.:000 (05/05 17:29:49.770)[applet-NCAppController.class] This host needs a i386 binary
    DSAppControlThre:000 (05/05 17:29:49.815)[ Thread-64] Quitting the app
    DSAppControlThre:000 (05/05 17:29:49.816)[ Thread-64] Checking to see if the application is already running
    ../../webserver/:093 (05/05 17:29:49.816)[ Thread-64] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }’” ]…
    ../../webserver/:100 (05/05 17:29:49.837)[ Thread-64] [RuntimeExec] Process ID = java.lang.UNIXProcess@4653a3
    ../../webserver/:141 (05/05 17:29:49.864)[ Thread-64] [RuntimeExec] ExitValue of waitFor() = 0
    ../../webserver/:166 (05/05 17:29:49.864)[ Thread-64] [RuntimeExec] … done executing [/bin/sh] waitFor()= outputStream=[empty -null output stream-] statusStream=[empty -null status stream-]
    DSAppControlThre:000 (05/05 17:29:49.865)[ Thread-64] Checking to see if the application is already running
    ../../webserver/:093 (05/05 17:29:49.865)[ Thread-64] [RuntimeExec] Executing ["/bin/sh" "-c" "ps xaco 'state,pid,command' | awk '/^[^zZ].+[N]etwork Connect/ { print $2 }’” ]…
    ../../webserver/:100 (05/05 17:29:49.874)[ Thread-64] [RuntimeExec] Process ID = java.lang.UNIXProcess@790ce9
    ../../webserver/:141 (05/05 17:29:49.907)[ Thread-64] [RuntimeExec] ExitValue of waitFor() = 0
    ../../webserver/:166 (05/05 17:29:49.908)[ Thread-64] [RuntimeExec] … done executing [/bin/sh] waitFor()= outputStream=[empty -null output stream-] statusStream=[empty -null status stream-]

    May 5th, 2010 at 4:55 am

  • Joel McCune said:

    Outstanding! This has been plaguing me for quite some time now. You are now my new hero!

    July 7th, 2010 at 4:34 pm

  • Stephen said:

    Did everything per instructions:
    but i think the pax being downloaded (or at least ‘Network Connect.dmg’ in it) is somehow defective: at the end of all the steps, double-clicking the ‘Network Connect.app’ seems to do nothing.

    Richa,
    could you give me a copy of MainMenu.nib
    (do you think that might help?)

    When I tried to open it from Terminal but see this error:
    > $ /Applications/Network\ Connect.app/Contents/MacOS/Network\ Connect
    > 2010-10-17 10:50:14.221 Network Connect[618:903] Unable to load nib file: MainMenu, exiting

    These are the contents of the package under /Applications (extracted from the PAX)
    > $ ls -C1 /Applications/Network\ Connect.app/Contents/Resources/
    > Error.strings
    > NCScriptLauncher.h
    > Network Connect.scriptSuite
    > Network Connect.scriptTerminology
    > NonLocalizable.strings
    > nc.icns
    > pluginToIVERedirect.thtml

    October 16th, 2010 at 10:42 pm

  • Richa said:

    Stephen,

    A couple of things:

    • I think the structure of the PAX (if indeed there is one any more) has changed since I wrote this post a year ago, so there may be files in other locations that you should delete prior to trying to reinstall.
    • I would not edit the contents of Network Connect.app at all. If it can’t load the nib file (which contains the application window layout and behavior), chances are that there’s something wrong with the app file itself or other Network Connect files somewhere in your system.

    My recommendation is to do a search at the command line for “juniper” in your entire filesystem:

    sudo find / -name "*juniper*" or sudo ack -g "juniper" / if you’ve got ack.

    Then do sudo find / -name "*Network Connect*"

    The list of things I got on my computer are:

    /Applications/Network Connect.app
/Library/Frameworks/net.juniper.DSApplicationServices.framework
/Library/Frameworks/net.juniper.DSCoreServices.framework
/Library/Frameworks/net.juniper.DSNetworkDiagnostics.framework
/Library/Internet Plug-Ins/net.juniper.DSSafariExtensions.plugin
/Library/Widgets/Network Connect.wdgt
/Users/<username>/Library/Caches/net.juniper.NetworkConnect
/Users/<username>/Library/Logs/Juniper Networks/Network Connect
/Users/<username>/Library/Preferences/net.juniper.NetworkConnect.plist
/usr/local/juniper

    Try deleting all the ones you find on your system and then reinstalling automatically.

    October 22nd, 2010 at 11:07 am

  • PBRady said:

    THANKS.

    You Article is the only thing that worked. Thank you very much for posting this.

    November 8th, 2010 at 4:43 pm

  • David Geens said:

    When I do this, everything works.

    I log out and all those files disappeared and I can start over again.

    This was the closest I have been to a working solution.

    Anybody an idea?

    November 22nd, 2010 at 4:49 am

  • chirag arora said:

    Thanks!

    This was very helpful.

    September 5th, 2011 at 11:57 am

  • Juni Per said:

    I had problems with network connect on OSX v7.1.0. Somehow a corrupt router had been cached, which would be force added to the arp cache on login automatically. This would have an enormous (50-60 byte) mac address. This would cause netstat to Abort Trap, which then would prevent network connect from running.
    Conveniently this route cache file isnt removed on deinstall so you need to dtruss it to work out what is going on.

    Removing the files ~/Library/Preferences/ncproxyd.plist*
    fixed the problem.

    May 8th, 2012 at 9:53 am

  • Jason said:

    The last post about ncproxyd.plist pointed me in the direction I needed.

    I had the same in my arp table a very very long mac address, causing a parse error when I launched the diagnostic tool…

    However all the above steps did not help until I cleared my arp cache…

    sudo arp -d -a

    And magic, it works.

    P.S. OSX 10.7.2 and Java 1.6_033 and Network Connect 7.1

    August 24th, 2012 at 12:31 pm

  • bubuli said:

    I’ve come across this problem with NC 7.1 and Mountain Lion when I force quit NC at one time. installing and reinstalling via NC installer nor in Firefox (visiting the VPN homepage) didn’t work. none of the

    what did help (in a last desperate attempt, I admit) was to follow the steps here: http://forums.juniper.net/t5/SSL-VPN/Snow-Leopard-Network-Connect-Fix/td-p/25056/page/2 which essentially is to visit your VPN home page using Safari IN 32-BIT MODE. I’m not entirely sure how the hell that worked (maybe the 32-bit version of the NC is installed?) but it worked for me.

    I hope this helps the poor souls who’s having this same problem…

    February 7th, 2013 at 7:11 pm

Leave a reply

(required)
(required) (will not be published)