Monday, April 30, 2012

Case Study: Juniper client disconnects randomly with nc.windows.app.23711


Below is an actual issue seen several times in our working environment involving the Juniper VPN client (NC Connect).

Issue:
System Log Message: The Network Connect session terminated. Do you want to reconnect? (nc.windows.app.23711). 


- Juniper Networks > Network Connect 7.1.0
- MS Windows 2000, Windows XP, Windows Vista, Windows 7



Analysis:

This error indicates that some software installed on your laptop is trying to modify the laptop's network routes. The Juniper VPN application sees this as a threat, so it throws this message and disconnects the VPN tunnel.

Historically, this has commonly been caused by older versions of the Bonjour service (versions earlier than 1.06) used by Apple. Recently, though, we have discovered that some device management applications also cause the same issue.

I have experienced this at home myself. I have a Canon printer management suite that auto-runs on startup of my laptop. It automatically scans my home network for my printer. When I connect to the company network via VPN, I lose connection to my home network, thus losing connection to my home printer. To look for the printer, one of the things that the Canon management suite does is modify the route table of my laptop, which is the "threatening" action detected by Juniper which then causes the VPN to be disconnected. Luckily though, the simple solution here is to turn off the Canon management suite before I connect via VPN.


Troubleshooting with debugs/Logs:


The steps below may help confirm whether the above error is indeed generated by "unauthorized" modification of the computer's routing table. We've had multiple issues in which nothing is indicated in the logs, but we later determined that the cause was the same.
  1. Launch NC Troubleshooting (Start > All Programs > Juniper Networks > Network Connect 7.1.0)
  2. On the Logs tab, select "Detailed Info"
  3. On the Information tab, select "Show All" from the dropdown, and click "Copy to Log"
  4. On the Diagnostics tab, click "Start Diagnostics", then after it completes successfully, click "Copy to Log"
  5. Connect via VPN.
  6. Once the connection breaks and you get the error message, go back to NC Troubleshooting > Logs tab > click Explore Log Files
  7. Search each of the log files for "unauth"
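
As a companion to the steps above, this added example (not part of the original post and not a Juniper tool) polls the IPv4 route table, prints each route that is added or removed with a timestamp, and then runs the step 7 search for "unauth" across the log folder. It assumes Windows PowerShell 2.0 or later and the standard WMI class `Win32_IP4RouteTable`; the `$LogDir` default is a placeholder to replace with the folder that "Explore Log Files" opens.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell 2.0+.
param(
    [string]$LogDir = 'C:\PLACEHOLDER\NetworkConnect\Logs',  # placeholder: folder opened by "Explore Log Files"
    [int]$Minutes = 15,          # how long to watch
    [int]$IntervalSeconds = 2    # polling interval
)

function Get-RouteSnapshot {
    # One sorted string per IPv4 route so two snapshots can be diffed.
    Get-WmiObject -Class Win32_IP4RouteTable | ForEach-Object {
        '{0} mask {1} via {2} if {3} metric {4}' -f `
            $_.Destination, $_.Mask, $_.NextHop, $_.InterfaceIndex, $_.Metric1
    } | Sort-Object
}

function Find-UnauthLines {
    param([string]$Path)
    # Step 7: case-insensitive search of every file in the log folder.
    Get-ChildItem -Path $Path -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-String -Pattern 'unauth' -SimpleMatch |
        ForEach-Object { '{0}:{1}: {2}' -f $_.Filename, $_.LineNumber, $_.Line.Trim() }
}

$previous = @(Get-RouteSnapshot)
$deadline = (Get-Date).AddMinutes($Minutes)
Write-Host "Watching the IPv4 route table for $Minutes minute(s). Connect the VPN now."

while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds $IntervalSeconds
    $current = @(Get-RouteSnapshot)
    # Compare-Object rejects empty collections, so skip a poll that returned nothing.
    if ($current.Count -eq 0 -or $previous.Count -eq 0) { $previous = $current; continue }
    foreach ($d in @(Compare-Object -ReferenceObject $previous -DifferenceObject $current)) {
        $kind = if ($d.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
        Write-Host ('{0} {1} {2}' -f (Get-Date -Format 'HH:mm:ss'), $kind, $d.InputObject)
    }
    $previous = $current
}

Write-Host "`nLog lines containing 'unauth':"
Find-UnauthLines -Path $LogDir | ForEach-Object { Write-Host $_ }
```

Routes that appear as the tunnel comes up are expected to be the VPN client's own; a change whose timestamp lines up with the disconnect message is the one to trace back to a running application.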

Workaround:

The first thing to check is the installed Bonjour service version; versions earlier than 1.06 are known to cause this issue.

Next, check the computer for any device management applications or application suites. This refers to software for any device managed by this computer remotely over the network (wired or wireless), such as printers, scanners, fax machines, modems, and cameras. If any are present, turn them off (via Task Manager) and connect again to test.