Tag: VPN

Juniper Network Connect Eerror nc.windows.app.23711 Fix

Diagnosis for me was getting error nc.windows.app.23711 after a random amount of time running VPN to IVE.

According to Juniper forums and burgtrack [1, 2], The error message is caused by something changing your computer’s route table. It may be any application. hen it happens, you are going to receive similar message in a network connect log (when set to ‘Detailed info’ level: Advanced View -> Logs):

00218,09 2012/04/12 23:20:43.001 1 SYSTEM dsNcService.exe dsNcService p1612 t690 routemon.cpp:582 - 'rmon' Unauthorized new route to 10.95.48.228/192.168.1.7 has been added (conflicts with our route to 0.0.0.0), disconnecting

The message is not going to be the last one before you receive the error, you have to scroll a bit up to find it.

Since I had no Bonjour installed, I had to find anything what could change my routing table. I searched registry for IP address appeared in logs. It should have pointed me to a software abusing my routing. In the registry of mine the address appeared few times, all in printing settings. Most of the branches having ‘10.95.48.22’ record had ‘Hewlett Packard’ record, or appeared in HP branch, or had other relation to HP. Since the soft belonged to HP, I had to prevent anything developed by HP from starting up with my system. I used autoruns by Sysinternals to disable all the HP-vendored soft. After the reboot I discovered my VPN connection would not interrupt. After enabling services one by one, I found out the issue was caused by

c:\windows\system32\hptcpmon.dll

I suppose it is some kind of driver or so. Most likely it is a part of printing driver ver 61.93.1.67 for HP LaserJet M2727 MFP Series PCL 6 on Windows 7 64 bit. But I’m still not 100% sure that the issue cause by the driver itself. It may be caused by Windows 7, who attempts to add a route to the installed TCP/IP printer.

April 13, 2012 Comments (5)

How to Remove Juniper Netscreen Tunnel Interface

1. Delete all routes for all VR’s

set route 10.0.0.0/24 interface tunnel.1 preference 20
set route 10.0.0.0/24 interface tunnel.1 preference 20

2. Delete all policy entries

set policy id 1 name "Policy Name" from "Trust" to "Untrust"  "Local" "Remote" "HTTPS" permit
set policy id 1
set service "Remote-services"
exit
set policy id 2 from "Untrust" to "Trust"  "Remote" "Local" "ANY" permit
set policy id 2
set dst-address "Trust-networks"
exit

3. Delete all policy elements

set address "Untrust" "Network Name" 10.63.194.0 255.255.255.0

4. Delete all interface bindings. Via web interface you should edit AutoKey IKE entry by removing interface binding first (advanced settings), only after delete the AutoKey IKE

set vpn "PH2_Policy" id 0x1b9 bind interface tunnel.1

5. Delete AutoIKE entry

set vpn "PH2_Policy" gateway "PH1_Policy" no-replay tunnel idletime 0 sec-level standard
set vpn "PH2_Policy" monitor source-interface ethernet0/1 optimized rekey
set interface tunnel.1 ip unnumbered interface ethernet0/1

6. Delete the tunnel Interface

set interface "tunnel.1" zone "Untrust"

January 17, 2012 Comments (0)