Screen OS

Hello.

One of our staff is having problem w/ NS Remote 9.0r3 on Vista machine.

Sympton is, when he tries to connect to the remote site, he doesn't see

the list under "Connect" menu even tho a policy is loaded properly.

On a XP machine w/ NS Remote 9.0r3 has no problem, but Vista.

Please see the log from his machine.

x=====================================================x

 4-29: 00:03:22.542 This is a GA version of NetScreen-Remote.
 4-29: 00:03:22.661 Filter table loaded (1 entries).
 4-29: 00:03:43.749 This is a GA version of NetScreen-Remote.
 4-29: 00:03:43.867 Filter table loaded (1 entries).
 4-29: 00:03:49.790 This is a GA version of NetScreen-Remote.
 4-29: 00:03:49.907 Filter table loaded (1 entries).
 4-29: 00:03:52.181 This is a GA version of NetScreen-Remote.
 4-29: 00:03:52.300 Filter table loaded (1 entries).
 4-29: 00:04:14.870 This is a GA version of NetScreen-Remote.
 4-29: 00:04:14.987 Filter table loaded (1 entries).
 4-29: 00:04:17.814 This is a GA version of NetScreen-Remote.
 4-29: 00:04:17.932 Filter table loaded (1 entries).
 4-29: 00:04:21.765 This is a GA version of NetScreen-Remote.
 4-29: 00:04:21.903 Filter table loaded (1 entries).
 4-30: 00:06:10.558 This is a GA version of NetScreen-Remote.
 4-30: 00:06:10.589 IreIKE: Unable to read policy database.
 4-30: 00:06:10.636 Unrecognized NETPROC setting: 0. Secure Specified used.
 4-30: 00:06:10.636 Filter table loaded (0 entries).
 4-30: 00:06:13.974 This is a GA version of NetScreen-Remote.
 4-30: 00:06:14.006 IreIKE: Unable to read policy database.
 4-30: 00:06:14.052 Unrecognized NETPROC setting: 0. Secure Specified used.
 4-30: 00:06:14.052 Filter table loaded (0 entries).
 4-30: 00:06:20.386 This is a GA version of NetScreen-Remote.

x====================================================x

I asked him to create a new policy from scratch tho, no help.

I regenerated from a XP machine w/ 9.0r3 tho, no help.

he doesn't have any other vpn client software installed on his machine  as well.

Do you have any other idea?? any advise would be great.

Thank you very much in advance.

Regards,

Takeshi

Anyone?? No idea!? or if my english is good enough,

please let me know. I try to explain as much as possible.

Thanks,

Takeshi 

Hello tjay,

Thank you very much for your  reply.

I'm not sure what you meant for "Machine" tho,

Client PC is Windows Vista

NS Remote is v9.0r3

It doesn't matter which NS we have tho, Firewall is NetScreen 5GT (5.3.0r6.0).

Thanks!

Takeshi

same problem here.... did you find any solutions ?

Regards,

Robin

There must be a bug in the NS Remote installer.  I installed it on a fresh Vista machine and could not get a listing of any connections under the 'Connect...' option even though the connections appeared in the Security Policy Editor.

I finally tracked it down and found the installer had put all security policies in the wrong place in the registry (sorry, I can't remember where they were).  Once I moved them to HKEY_LOCAL_MACHINE/SOFTWARE/IRE/SafeNet/Soft-PK/ACL the all appeared and worked fine.

I have installed on other Vista machines and most of the time it seems fine.

*Quote====================================================

I finally tracked it down and found the installer had put all security policies in the wrong place in the registry (sorry, I can't remember where they were).  Once I moved them to HKEY_LOCAL_MACHINE/SOFTWARE/IRE/SafeNet/Soft-PK/ACL the all appeared and worked fine.

====================================================Quote*

I am not sure what you meant by "moved all security policies to HKLM....." tho,

I will compare the registry w/ XP one.

If you remember, please post it here. That would be great.

Thank you very much any way!!

Takeshi

If you edit the registry on Vista with regedit and use the search facility to look for one of your connections it should find it in the previously mentioned path type - under IRE.SafeNet/Soft-PK/ACL with a subkey of 0, 1, 2... depending on how many connections you've defined (I think mine originally showed up in the HKEY_CLASSES_ROOT primary key).  I can't remember exactly what level of key I exported - it may have even been the entire IRE subkey (you may be able to check this by seeing how much is already under the HKEY_LOCAL_MACHINE.SOFTWARE key.  Once you decide how much you need, export it (right click on the subkey) and save it to a file.  You'll then need to edit the file it created with a text editor and change the location of the keys to where you want it in HKEY_LOCAL_MACHINE and import it again.  All the connections you imported should then appear under the 'Connect...' option (you may have to reboot - I can't remember).

I'm not certain what the security ramifications of this are - I suspect that the connections probably appear for all users, which may not be what you want.  Perhaps if they were moved under the correct user in the registry it would limit it but that wasn't a requirement for me and I didn't experiment with it.

Sorry I'm a bit inexact on my answers - I'm sure Juniper must know about this but I got caught in their policy of 'support starts when it leaves the factory, not when you buy it' rubbish and they wouldn't help me without buying another support contract so I had to figure it out myself.

What kind of PC/laptops ?

Sony/HP/Dell??

Hello Wil,

Thank you very much for your explanation. I will look into it, then

I will just in case, compare w/ a XP machine. Thanks!!!

Hello tjay,

His PC is DELL & desktop.

Thanks,

Takeshi 

Hi, the problem is the virtual registry you can export and import the keys or follow the following procedure from juniper support:

05/07/08 11:06:13 Hi Robin,

Thank you for contacting Juniper Technical Assistance Center. My Name is Jai and I am the engineer who would be assisting you on this case.

I understand that you are not getting any connections in the connect option. Please follow the steps that are given below to make it work.

1. Open the security policy editor and export the .spd file to any location in your local hard disk.

2. open the .spd file with a notepad.

3. save that .spd file with '.reg' extension.

4. after saving the file with .reg extension, right click on that and click on Merge.

    you will get a message that the file successfully merged. The reboot the p.c and see if you get an option to connect.

Normally when we create a .spd file a corresponding .reg file gets created somewhere in the systems, however sometimes that .reg file doesn't get merged properly with the systems and creates this issue.

So the steps mentioned above should solve the issue.

Please get back to me if you have any queries and concerns.

Thanks & Regards,

Jai Kumar Udayakumar

====================================================

Hello  RobinVermeirsch,

Thank you very much for sharing your experience.

This sounds like it. I will ask him to import the registry.

I will report you back when I hear from the user.

Thank you very much!!

Regards,

Takeshi

Hello All,

Thank you all very much for your kind replies.

Finally we've got it working.

Thank you very much to RobinVermeirsch for the solution.

That solved the problem!! THX!!!

Best Regards,

Takeshi