Load, Unload or Enable, Disable Launch Agents and Daemons for Junos Pulse Update.

Chris_Lyons
New Contributor

Hello,

I am trying to install a newer version of what was Junos Pulse now its Pulse Secure without a reboot.

When Updating to the newer version via Casper over the old version when it reboots it automatically picks up the Connections preferences fine. The issue is when Installed and you don't reboot the connections preferences disapears nothing is deleted. So if I locally use these commands in the Terminal

This is to Quit Junos Pulse

#!/bin/sh

{ launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist sudo launchctl unload -w /Library/LaunchDaemons/net.juniper.AccessService.plist osascript -e 'tell application "Junos Pulse" to quit'
}

This is to Start it back up after Install:

#!/bin/sh

{ sudo launchctl load -w /Library/LaunchDaemons/net.juniper.AccessService.plist launchctl load -w /Library/LaunchAgents/net.juniper.pulsetray.plist
}

it works but if I put this into a policy the Line "launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist" i get this for an error from the Policy:

Executing Policy Test FOR VPN Client...
Running script Quit Junos VPN Client...
Script exit code: 0
Script result: /Library/LaunchAgents/net.juniper.pulsetray.plist: Could not find specified service

I haven't tried the Startup script in a Policy but it works fine directly on a machine. I am running OS X 10.10.5 most of the Mac's are Yosemite, then we have a few stragglers of 10.9.5 as well as El Cap Machines. We are Running Casper 9.81.

I know that the commands have changed from Mavericks and older OS's to Yosemite and Higher, so I am looking for insight to what I might be doing wrong.

Thanks in advance.

7 REPLIES 7

thoule
Valued Contributor II

LaunchAgents run as the user, not root.

If you run:

launchctl list| grep juniper

as both your user account and as root, you'll see different things back. Policies always run as root. In order to get it to work, you'll need to execute launchctl load for the LaunchAgent as the user using bsexec and prayers. It's a PITA.

mm2270
Legendary Contributor III

The issue is that its trying to load a user level LaunchAgent while running from a script being called in a root context. As LaunchAgents are loaded in the user space, this fails if called from a Casper Suite policy (they run as root). You should take a look at this thread for information on how to script around that. The end solution will be a little different if done on 10.9 versus 10.10 and up, but its the same principal for both.
https://jamfnation.jamfsoftware.com/discussion.html?id=7555

Chris_Lyons
New Contributor

Thanks thoule, mm2270, I will look at both, do some reading and see if I can get it to work. I appreciate the Help and I will post what I find works.

Thanks
Chris

jduvalmtb
Contributor

Here's the script I use to load LaunchAgents - different application, but concept still applies:

#!/bin/bash
#Script loads the deployed user.launchkeep.GoogleDrive.plist that came from a Casper PKG.  Using because Google Drive is randomly crashing on end-user devices.

#Get User Name
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`
#Confirms working
echo $loggedInUser
#Need to kill Google Drive - found is open load the .plist, the Google Drive Finder window continiously opens.
killall Google Drive
sleep 5s
#moves the .plist to user's folder & ensures correct permissions.
sudo -u $loggedInUser mkdir /Users/$loggedInUser/Library/LaunchAgents
cp /var/mbca/user.launchkeep.GoogleDrive.plist /Users/$loggedInUser/Library/LaunchAgents
chown -R $loggedInUser /Users/$loggedInUser/Library/LaunchAgents
chmod 744 /Users/$loggedInUser/Library/LaunchAgents
#user needs to be able to rx the script
chmod 755 /private/var/mbca/KeepGoogleDriveAlive.sh
#loads the .plist.  Must be loaded as the user, not root.
sudo -u $loggedInUser launchctl load /Users/$loggedInUser/Library/LaunchAgents/user.launchkeep.GoogleDrive.plist

exit 0

jenieze
New Contributor

@Chris.Lyons What ended up working for you? I'm curious because I'm in the same predicament with different plists.

Chris_Lyons
New Contributor

jenieze

I had to stop working on this for a short time, I should be back to this some time this week. I will post the results.

seanbalsiger
New Contributor III

@Chris.Lyons Did you ever figure out how to do this without a reboot? I'm working on updating Pulse Secure and changing connections config and it only seems to work when I reboot.