Network Connect Hangs on “Establishing secure connection…”

Being a work from home / travel employee means that VPN access is critical for me. From time to time I run into issues with my VPN that consume time and impact productivity. When I run across such issues I like to blog about them to hopefully solve the problem for someone else. In this post, I would like to discuss when Network Connect hangs with “Establishing secure connection…”

jnc

VPN issues can be caused by a variety of things, but in the case of Network Connect I find Java to be the underlying issue the majority of the time. My typical troubleshooting steps look something like the following:

  • Did I recently upgrade Java? Yup, moved to Java 8 Update 60 (60… really?!)
  • Clear temporary Java files and retry — fail
  • Remove Java applications and retry — fail
  • Clear browser cache and retry — fail
  • Reinstall Network Connect — fail
  • Restart the computer — fail
  • Check the logs — note this should be the first step

In the logs I found an interesting message:

10/8/15 1:39:07.418 PM com.apple.kextd[45]: ERROR: invalid signature for net.juniper.nke.nctun_tiger, will not load

Bingo, the signature is not being accepted likely due to the Java update — which means an update to Network Connect is needed. So the options are either revert to a previous version of Java (not going to happen) or ignore the signature error. To disable the signature error on mac run:

The above command disables signature validation for ALL applications and packages — technically this is a security risk, but if you know and trust what you are installing it is not an issue. After running the above command you need to restart your mac. Now Network Connect will work properly. In a few weeks I will try to turn signature checking back on and see if the issue is resolved.

© 2015, Steve Flanders. All rights reserved.

8 thoughts on “Network Connect Hangs on “Establishing secure connection…”

  1. Martin says:

    Steve,
    What version of OS X are/were you running when you re-enabled kernel extensions? I ask because I see this issue using Juniper Network Connect from OS X 10.11 and re-enabling the kernel extensions along with a reboot has not resolved the issue.

    Oct 13 10:55:29 crm06032 com.apple.kextd[46]: ERROR: invalid signature for net.juniper.nke.nctun_tiger, will not load
    Oct 13 10:55:29 crm06032 kernel[0]: Kext net.juniper.nke.nctun_tiger not found for unload request.

    • Fadi says:

      Martin and Steve,

      I’m not seeing the first error (invalid signature), only the second (Kext net.juniper.nke.nctun_tiger not found for unload request.). Any idea what that means?

      Martin, did you ever get yours to work?

      Thanks Steve for putting this together.

      Fadi

  2. Even with Pulse, my version doesn’t work with El Capitan. I had to run csrutil in the recovery partition in order to get it to work. After doing that, I was able to connect with either, nc or pulse.

Leave a Reply