Fix completely broken Juniper VPN on Mac OS Lion

My Juniper VPN was utterly screwed. After a connection failure I was no longer able to reach the login page for the Juniper and I would have to reboot to get my network working again. I had this log event in the log viewer (but not much else):

2012-06-16 11:33:30.130 ncproxyd-admintool[p12223.t4355] adminsession.error Failed to add route: Invalid argument (AdminPrivilegedSession.cpp:831)

To fix it I had to uninstall and completly scrub all trace of the Network Connect client, and then reinstall. For added chances of success, I did the installation using sudo to ensure I was not going to run into any permissions errors. Instructions:

  1. Open Finder – Applications, drag Network Connect to the Trash.
  2. Open up a terminal:
    sudo rm -rf /usr/local/juniper
    find ~ -iname “*juniper*”
  3. Delete all of the files found providing none of these belong to your Parallels VM, using
    find ~ -iname “*juniper*” -exec rm -fr “{}” “;”
  4. Open Finder – Applications – Utilities – Java Preferences
    Note: in recent java updates, this item has moved to System Preferences – Java 
  5. Under security, delete references to the Juniper connection
  6. Under Network, click “Delete files …” to remove all cached files
  7. If you have Safari open, quit the application.
  8. Open Safari with admin privilege. From a terminal:
    sudo open /Applications/Safari.app
  9. Try and connect to the Juniper VPN again. The app will reinstall, hopefully successfully!

7 thoughts on “Fix completely broken Juniper VPN on Mac OS Lion”

  1. This is exactly what I needed to do. Thanks for the excellent write up, better than anything i found within Apple Support Forums or Juniper Network Forums.

  2. Thanks! Use Network Connect for work and ran into problems with it. You detailed notes on how to resolve proved most helpful (though, I didn’t need to use sudo to open safari and reinstall). Much appreciated.

  3. It sometimes will insert a very very invalid route, causing all routes to fail. Something like this:
    Destination Gateway Flags Refs Use Netif Expire
    0&0x68 67.7.0.0.0.0.0.0.0.0.e.0.8.ff.ff.ff.0.0.0.68.80.0.5.14.4.0.37.2c.3.8.1.0.7.0.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7f.ff.ff.ff.0.0.0.0.dc.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 USc 3 0 en0

    To fix without all the uninstall/reinstall/reboot work: Kill/forcequit network connect and any other VPN (Juniper Pulse?), sudo ifconfig en0 down, sudo route flush ( a few times until netstat -nr doesn’t show the crap route anymore), then sudo ifconfig up en0. If using dhcp (pretty standard now days) it should re-configure the proper routes and get you going again. To prevent it in the future, be sure to disconnect and quit network connect before powering off. It seems to insert the route when initializing before any valid interface is up, thus getting the wonky looking wrong info.

  4. I had this problem several times, and the only way to fix it was using a wired connection (on a different network), which would fix the routing problem.

    But after reading someones attempt to explain the problem, gave me an idea, since the IVE cannot find the host, I just added the IP address in the hosts file, started network connect (which now works, since ite can find the host), connected to VPN, and then removed the entry in /etc/hosts again (and i still works).

    So, just add entry in /etc/hosts and Network Connect will correct itself, after which you can remove the entry again.

Got a comment? Don't be shy: