Update: September 1, 2009
Juniper has released software 6.5 for the Juniper SSL VPN (Secure Access) appliances which now supports running WSAM on Windows 64-bit operating systems. I’ve posted a new article that details the new software which can be found here; http://blog.michaelfmcnamara.com/2009/09/juniper-ssl-vpn-secure-access-6-5-available/
Almost six years ago we deployed a Neoteris Secure Access 1000 appliance which was designed to publish Intranet based web applications to Internet clients. Neoteris was acquired by Netscreen and then Netscreen was acquired by Juniper. Over a year ago we upgraded our legacy hardware with two Juniper SA4000s running them as a cluster in a high availability design (active/standby). The solution has been very successful with the exception of the occasionally home PC that for one reason or another refuses to install the client software.
We recently upgraded to software release v6.2R1 which promised full support for Windows Vista 64-Bit and Juniper’s Windows Secure Application Manager (WSAM). Juniper’s Windows Secure Application Manager is essentially a mini VPN client that tunnels traffic across an SSL connection with the SA4000 appliances. It provides raw connectivity for non-HTTP based applications. While the documentation indicated that Windows Vista 64-Bit was fully supported we were unable to make it work after a few customers reported having issues. We opened a ticket with Juniper and waiting four business days before Juniper was able to confirm our findings; they too were unable to make it work. We were informed the ticket was to be escalated to design but I immediately found it odd that no one else had already reported this problem. In short Juniper informed us that Windows Vista 64-Bit is not supported and the documentation indicating it was support was “incorrect”. Needless to say I’m not very happy with Juniper as this point and it certainly seems that Juniper has some serious QA issues in their software and documentation teams. Let’s not even talk about the 9 business day turnaround which is essentially two weeks.
I recently had a discussion with a physician, remember I work for a large healthcare provider, who had tried in vein to help himself by Googling for any hints or tips to getting WSAM working with Windows Vista 64-Bit. So here are some tips that will hopefully get picked up by Google.
- You must be an Administrator to install the software components
- You’ll need to be running Windows XP (32-Bit) Service Pack 2 or later
- If you have a pop-up blocker enabled make sure you exempt the Juniper URL
- If you have your firewall enabled make sure you unblock WSAM
I’ve also seen issues if ActiveX, JavaScript, or Cookies are disabled from within Internet Explorer. The WSAM software is a Layered Service Provider (LSP) application and as such other software, malware, spyware, etc can sometimes interfere with it’s proper operation. You can have a look here for a utility that might help to clean up any LSP issues that you might have.
The Windows Secure Application Manager can not be run from within a Windows Terminal Server or Citrix session.
Cheers!
Update: August 13, 2008
I recieved a few questions about Juniper’s Windows Secure Application Manager (WSAM) and I thought I would pass on the questions and answers.
Q. Does Juniper’s WSAM support a proxy server?
A. No Juniper’s WSAM does not support a proxy server. The client will need direct Internet access on TCP 443 (https).
Q. Where are the log files, there’s nothing in C:\Program Files\Juniper Networks\Secure Application Manager?
A. The log file is actually stored in the following location; C:\Documents and Settings\<username>\Application Data\Juniper Networks\Secure Application Manager
Update: September 18, 2008
As noted in the comments Juniper has released a customer bulletin concerning the problem. Here’s the official response I received from the Juniper TAC, I haven’t received any follow-up from the sales team which the Juniper TAC referred me to.
“KB12097 was posted to our Knowledge Base Support site and engineering has implemented a check in the WSAM installation that will display an error to the user if they are attempting to install WSAM on a 64-bit Operating System. This fix should be available in the next maintenance release of IVE OS 6.2. As for future support for WSAM on 64-bit systems, this has been revisited by PLM and it is now on our roadmap.”
Update: October 5, 2008
I’m amazed at the number of views that this post has garnered. It seems there are quite a few folks out there trying to figure out why Windows Vista 64bit won’t work with WSAM. I thought I should point out that the Juniper Network Connect client is compatible with Windows Vista 64bit (and 32bit). This may be an option for users although those users will need to speak to their System Administrators since it will require additional configuration and perhaps even licensing.
Cheers!
Thanks for the info. It’s still not clear on Juniper’s support site, but your posting saved us a lot of troubleshooting time.
Thanks for the comment. I’m now waiting on the Juniper sales team (not sure how it became a sales team issue but that’s where the Juniper TAC sent the problem) for a response to the problem.
Good Luck!
They must have heard your complaints and published a KB two days after your inquery. You can find their post under KB12097. Unfortunately, they still haven’t updated their Supported Platforms documents.
Thanks for the comment Warren. I’ll be sure to post here when I hear back from Juniper.
Finally a descent answer! I work for a major Belgian bank and we’ve been having this issue for over half a year now. According to juniper everything should work fine.
We did manage to get WSAM working on the regular 32 bit Vista. You just have to disable the UAC there.
Hi Stijn,
I’m continually amazed at the amount of traffic to this post. It seems like there are a lot of folks out there trying to understand why the Juniper client doesn’t perform as advertised.
As I mentioned above the Network Connect client will work with Windows Vista 64bit.
Thanks for the comment!
Hi Michael,
There are bunch of folks in our office with Vista 64 bit Home premium OS desperately trying to figure out a way to get the WSAM to work. I called Juniper couple of weeks ago and the tech support guy was so ignorant that he said WSAM is a Microsoft product and I should be contacting Microsoft for the support. Our own tech support guys simply say that Juniper doesn’t work on 64 bit OS. As per your latest update, it should be working on 64 bit too now. Can you please provide the settings/configuration changes that need to be made in order for the Juniper WSAM to work on 64 bit Vista Home Premium. After I log in, I get a message saying please wait for the application to launch and then displays a blank page. I don’t see the blue icon in the task tray indicating the application is not launched.
Thanks a lot in advance.
Hi Kal Chak,
As of this time the Juniper Windows Secure Application Manager (WSAM) will NOT work with Windows Vista 64bit. The Juniper Network Connect client works with Windows Vista 64bit but NOT WSAM. I understand from Juniper that they hope to have support for Windows Vista 64bit sometime in the second half of 2009. The latest release of software for the Juniper SSL VPN appliances will now properly detect the presence of Windows Vista 64bit and will alert the user that the client computer is not supported.
Unless you can talk your technical folks into setting up a separate group using the Network Connect client you’re not going to have any luck getting WSAM to work on Vista 64.
Good Luck!
For anyone interested, I have been able to get the Juniper client running on 64 bit Linux, without installing the 32 bit Java! Here’s how:
http://josh.blogdns.com/?p=206
Thanks for the information Josh.
I’ll assume that you are using JSAM which will work perfectly in Windows Vista 64-bit. While on the subject, Juniper is very close to releasing a version of software that supports WSAM in a Windows Vista 64-bit platform. While Juniper has contacted me I haven’t yet had the time to reach out to them.
Thanks for the comment!