Windows VDA + Pre Deploy Juniper client / Pulse Secure

Today I will talk a small tip if you want to deploy a golden image to make it possible to pre-configure the pulse secure application (formerly knew as the juniper client)

If you don’t do the tip the error you will face if pulse secure is already installed is only one simultaneous machine will be able to connect the VPN. (One user will connect, and the other will be disconnected)

In the base image you need to edit the connstore.dat

10-24-2016 9-30-01 AM.png

After you open the file with notepad, and remove that machine GUID’s line:

10-24-2016 9-29-04 AM.png


Save the change., after we need to erase the Device ID in the registry.

I did a script that do it that way:

net stop juniperaccessservice
REG delete “HKLM\SOFTWARE\Wow6432Node\Juniper Networks\Device Id” /v DeviceId /f
REG delete “HKLM\SOFTWARE\Juniper Networks\Device Id” /v DeviceId /f

After you can copy the .dat, and put in the same folder and name it It will be used if you re-change the golden image, and you need to re change fast the GUID. We can add those line to our script:

   copy “C:\Program Files\Common Files\Juniper Networks\ConnectionStore\” “C:\Program Files\Common Files\Juniper Networks\ConnectionStore\connstore.dat” /y
copy “C:\Program Files (x86)\Common Files\Juniper Networks\ConnectionStore\” “C:\Program Files (x86)\Common Files\Juniper Networks\ConnectionStore\connstore.dat” /y

Updated: Pulse added a command line parameter for shared install, SHAREDINSTALL=1

The command line make the installer to not write the GUID and it does not start the service (so the registry key is not wrote).

I keep my tip there as if you need to restart your golden image for a reason X, then you will still need the script.



How to add non latin entry in the Windows Host file ? (%SystemRoot%\System32\drivers\etc\hosts)

There is a small tip if you need to add a non latin entry in the host file.

An example;         www我等主营.com

or   локалхост

The file itself does not accept any non latin encoding, thus those two example over would not work, but you can bypass the problem with punycode. (Look there for a generator)

A description from Wikipedia of what is punycode;

Punycode is a way to represent Unicode with the limited character subset of ASCII supported by the Domain Name System. For example, “München” (German name for the city of Munich) would be encoded as “Mnchen-3ya”.


That tip would transform our two test domain to that; xn--80atccmdviy





ps. Some post referencing that problem in Serverfault : 1, 2


Windows Remote Desktop Service – Manually creating a .RDP file

I will talk about a small tip; how to manually create a .RDP’s file.

Why would I do that you may ask me, well, if you got a new Remote Desktop Server in 2012R2 you may seen that the wizard to create and deploy the icon is no longer there.

You may deploy all the icon with the correct way with RDWeb, but what if you need a onetime connection to another server that you just want the RemoteAPP icon on the desktop ?

This tip is meant for that;

There is a small .RDP file’s example edited in notepad :

session bpp:i:32
prompt for credentials on client:i:1
span monitors:i:1
use multimon:i:1
server port:i:3389
allow font smoothing:i:1
authentication level:i:2
alternate shell:s:||AcroRd32
remoteapplicationname:s:Adobe Reader 9

As you can see the layout is pretty simple, 3 things must be edited to have that work;

1- Servername (full address:s:FQDN)

2- The application name (alias) (alternate shell:s:||AcroRd32)

3- The application name (remoteapplicationname:s:Adobe Reader 9)

To see what those name mean, there is an example from an older 2008R2 display:



Now with that information, you can now publish that small icon with GPP, or any other mean ( and at the same time we demystified that .RDP’s file 🙂 )