Remote Access Services Microsoft Windows - Installation and Troubleshooting Guide Version 2.1 February 19, 2013 1 P age
TABLE OF CONTENTS 1 MICROSOFT WINDOWS XP INSTALLATION PROCEDURES... 3 2 MICROSOFT WINDOWS VISTA AND WINDOWS 7 INSTALLATION STEPS... 9 3 TROUBLESHOOTING ISSUES ON WINDOWS PLATFORMS... 19 3.1 Internet Explorer... 19 3.2 Non-Internet Explorer Browsers (Firefox, Chrome, etc.)... 20 3.3 Issues and Resolutions... 20 3.3.1 Verify Internet Explorer Version... 20 3.3.2 Internet Explorer Protected Mode... 21 3.3.3 Modifying Your Trusted Sites... 21 3.3.4 Disabling ActiveX Filtering... 22 3.3.5 Disabling Firefox Pop-up Blocker... 23 3.3.6 Resetting the SSL Network Extender Fingerprint... 24 3.3.7 Removing Toolbars... 25 2 P age
1 Microsoft Windows XP Installation Procedures CPS OWNED COMPUTER - Test your access from the CPS Network first Users are expected to test the Remote Access install procedures on their CPS-owned computer during normal business hours from within the CPS network. You will need to connect your computer to the CPS network using a network cable or connect to the wireless network. If an issue arises, please call the IT Service Desk at 773-553-3925, option 9. Minimum hardware and software requirements are listed on the Remote Access website. You must have administrative rights on your computer to install the client or have at least Java version 1.4 or greater. You must have ActiveX enabled and be able to accept 1 st party cookies. Please close all the open applications before proceeding with CPS Remote Access Client Installation. Remote Access Installation Directions Step 1 Go to the Remote Access website http://connect.cps.edu; Installation of the Remote Access client will automatically begin. Step 2 ActiveX Installation You will be presented with one of two screens. If you see the following message box pop up, continue with Step 3. If not, skip to Step 5. 3 P age
Step 3 In Internet Explorer you may see this error message Microsoft Windows Installation and Troubleshooting Guide If this message appears, click the link click to run Sun Java applet. Step 4 Allow the security scan to store results for future use. When prompted with the pop-up above: Check next to Always trust content from this publisher box. Then select Run to continue. When the graphic below appears the security scan has been initiated. Step 5 Proceed with Step 5 only if directed here from Step 2. Otherwise skip to Step 6. You will be prompted to install the ActiveX version of the security scanner. Click Install. 4 P age
Step 6 - Scan Results Pass / Fail Once the security scan has completed, you will be presented with the results of the scan. In the event the security scan failed, proceed to Step 7, if your machine passed the scan proceed to Step 8. Step 7 Security Scan Failed In the event the security scan failed you must resolve the issues presented on the screen. Otherwise, you will be unable to use the Remote Access solution. The harmful software identified from the security scan includes hyperlinks that provide suggestions for removing the offending piece of malware. ATTENTION: If your machine has failed the security scan please proceed with the following steps based on the machine type: If the machine is a CPS-owned laptop or desktop. If the security scan has failed on your CPS machine follow the instructions provided when the security scan failed. If you continue to have difficulty resolving the issues identified on the security scan, contact the IT Service Desk at 773-553-3925, option 9. If the machine is your personal laptop or desktop: If the security scan has failed on your personal laptop follow the instructions provided when the security scan failed. If you continue to have difficulty resolving the issues 5 P age
identified on the security scan, please locate an alternate technical support resource to assist you in finding a solution. Step 8 Security Scan Passed, Ready to Login After your machine has successfully passed the security scan you will see the screen below: Select and enter your network ID and password. Now click the button to login to the remote access solution. Step 9 Login Accepted Launching SSL Network Extender 6 P age
After logging in, the new SNX client will launch and will install the SSL Network Extender. Step 10 Please click Yes or OK to accept the Gateway Identification. Step 11 Successful Login - You are now connected to the Remote Access Solution and SSL Extender. Upon successful login, you will be presented with the screen below where you can click on the published applications or connect to your applications through the SSL Network Extender. 7 P age
Congratulations, you have completed the installation and sign in process for the new Remote Access solution. 8 P age
If you continue to experience issues with your installation, please refer to the support documentation for Remote Access support website (http://vpn.cps.k12.il.us) or contact the IT Service Desk at 773-553-3925, option 9. 2 Microsoft Windows Vista and Windows 7 Installation Steps Windows Vista and Windows 7 present screens that will require additional action on your part to proceed with the Remote Access client installation. This section will show you what to expect and how to respond. Step 1 Go to the Remote Access website http://connect.cps.edu. See steps 2-7 for instruction on how to add this website to your trusted sites. Step 2 From Internet Explorer, click Tools -> Internet Options. 9 P age
Step 3 Click on the Security tab. Microsoft Windows Installation and Troubleshooting Guide Step 4 Click on the Trusted sites icon. 10 P age
Step 5 If Default Level Button is not grayed out, click on it. If it is grayed out skip this step. Step 6 Click on the Sites button. Step 7 Type https://*.connect.cps.edu in the Add this website to this zone: and click on the Add button: This will add it to the Websites section. Click the Close button. 11 P age
This will add the Remote Access Web portal as a trusted site and will eliminate issues with accessing links under the Web section of the Remote Access home page. Step 8 ActiveX Installation You may be presented with a screen similar to one of those below. If this script appears,, click Install or right-click on the yellow horizontal bar, then left click on Install ActiveX. If you do not see these options or they do not work for you, click Click to run Sun Java applet. OR 12 P age
OR 13 P age
Step 9 Depending upon your settings you may be prompted to give additional permissions to the Check Point Deployment Shell installer. Please click Yes or Install to proceed. You will see a slightly different screen if you choose the Java applet method or if you are using a browser other than Internet Explorer. 14 P age
Step 10 Wait for the installer to finish. You will not see this step if you chose the Java applet method or you are using a browser other than Internet Explorer. Step 11 Once the installer has finished your Endpoint Security On Demand scanner will resume/restart. Wait for the scanner to finish. Upon finishing you will either be directed immediately to the login page or, if your system doesn t meet company policy, you will receive a page indicating the items that need to be fixed. Note: some items are required to be fixed while other items are optional, but strongly recommended. The screenshot below is an example of a failure to comply with company policies. 15 P age
Step 13 In the event the security scan failed, you must resolve the issues presented on the screen, otherwise you will be unable to use the Remote Access solution. Any harmful software identified from the security scan includes hyperlinks that provide suggestions for removing the offending piece of malware. ATTENTION: If your machine has failed the security scan please proceed with the following steps based on the machine type: If the machine is a CPS-owned laptop or desktop. If the security scan has failed on your CPS machine, follow the instructions provided when the security scan failed. If you continue to have difficulty resolving the issues identified on the security scan, contact the IT Service Desk at 773-553-3925, option 9. If the machine is your personal laptop or desktop. If the security scan has failed on your personal laptop, follow the instructions provided when the security scan failed. If you continue to have difficulty resolving the issues identified on the security scan, please locate an alternative technical support resource to assist you in finding a solution. 16 P age
Step 14 After your machine has successfully passed the security scan you will see the login screen below: Step 14 Enter in your CPS username and password. Step 15 Click the button to login to the remote access solution Step 16 Once logged in, depending on your preferences either the portal page will come up and the SSL Network Extender will be launched or you will need to click Connect,. Note: Be sure the pop-up blocker is turned off, either globally or for this site only. You may be prompted to give additional permissions (as shown below), in which case, click Yes or Continue. 17 P age
Step 17 Depending on your firewall settings, Internet Explorer may need to be allowed to communicate with CPS. To enable, click Allow access. 18 P age
Step 18 Upon successful login, you will be presented with the screen below. The links you see may be different depending upon your access levels.. Congratulations, you have completed the installation and sign in process for the new Remote Access Solution on your Windows Vista or Windows 7 Computer. If you experience issues with your installation please refer to the Remote Access Support Website (http://vpn.cps.k12.il.us) or contact the IT Service Desk at 773-553-3925, option 9. 3 Troubleshooting Issues On Windows Platforms If you are encountering issues while attempting to connect to the Remote Access solution, this section will give you general troubleshooting steps that can help to resolve the majority of issues. Follow the section corresponding to your internet browser. 3.1 Internet Explorer 1. Verify that your system meets minimum requirements as noted on http://vpn.cps.k12.il.us/ra_requirements.shtml. 2. Verify that you are not using the 64-bit version of Internet Explorer. For instructions on how to do this jump ahead to Verify Internet Explorer Version 3.3.1". 19 P age
3. Validate that Internet Explorer is not running in protected mode. For instructions on how to do this jump ahead to Internet Explorer Protected Mode 3.3.2. 4. Verify the VPN URL is added to your trusted sites. For instructions on how to do this jump ahead to Modifying Your Trusted Sites 3.3.3. 5. If enabled, Disable ActiveX Filtering in Internet Explorer 9 or higher. For instructions on how to do this jump ahead to Disabling ActiveX Filtering 3.3.4. 6. Try using another browser such as Firefox. Firefox can be downloaded from http://www.mozilla.org/en-us/firefox/new/. Be sure to install Java from www.java.com too! 7. Remove any toolbars as sometimes they have pop-up blockers or other security mechanisms that can interfere. 3.2 Non-Internet Explorer Browsers (Firefox, Chrome, etc.) 1. Verify that your system meets minimum requirements as noted on http://vpn.cps.k12.il.us/ra_requirements.shtml. 2. Verify that you are using a 32-bit browser. 3. Verify that you have Java installed. For instructions, visit www.java.com. This is a common issue, especially if the Remote Access solution works in Internet Explorer and not in other browsers. 4. Disable any pop-up blockers or add *.connect.cps.edu to the exception list. 5. Remove any toolbars as sometimes they have pop-up blockers or other security mechanisms that can interfere. 6. Try using Internet Explorer. 3.3 Issues and Resolutions 3.3.1 Verify Internet Explorer Version SYMPTOMS: Endpoint Security on Demand (ESOD) fails to fully run/scan. The progress bar may slow to a crawl at about a quarter or one-third of the way complete. SOLUTION: 1. Click on Help 2. Click About Internet Explorer. 3. You will see a box similar to the one below. If you see 64-bit Edition (noted in red below) then you are using the 64-bit edition of Internet Explorer, this is not compatible with the remote access solution. In which case, close the browser and run the 32-bit edition of Internet Explorer. NOTE: The 32-bit edition is called Internet Explorer and the 64-bit edition is called Internet Explorer (64-bit). 20 P age
3.3.2 Internet Explorer Protected Mode SYMPTOMS: Endpoint Security on Demand (ESOD) fails to run/scan or a message displays indicating you are in Protected Mode. SOLUTION: 4. Click on Trusted Sites 5. Uncheck Enable Protected Zone. 6. Click OK. 7. Restart all Internet Explorer Browsers. 3.3.3 Modifying Your Trusted Sites SYMPTOMS: Windows Vista or higher using Internet Explorer. Endpoint Security on Demand (ESOD) fails to run/scan or a message displays indicating the website must be added to the Trusted Sites zone. SOLUTION: 21 P age
1. Open up Internet Explorer. 2. Click Tools. 3. Click Internet Options. 4. Click the Security tab. 5. Click on Trusted Sites. 6. Click Sites. 7. Under "Add this website to the zone", type https://*.connect.cps.edu. 8. Click Add. 9. Click OK. 10. Click on Trusted Sites 11. Click Default Level. 12. Click OK. 13. Close the Internet Explorer browsers and re-attempt the connection. 3.3.4 Disabling ActiveX Filtering SYMPTOMS: You are using Internet Explorer 9 or higher and not able to load the ActiveX control. VERIFICATION: SOLUTION: 1. In Internet Explorer, click on Safety. Or press ALT+X while in Internet Explorer and move your mouse over 22 P age
2. Uncheck ActiveX Filtering. 3. Restart all Internet Explorer browsers. OR 1. In Internet Explorer, press ALT+X. 2. Move your mouse over Saftey. 3. Uncheck ActiveX Filtering. 4. Restart all Internet Explorer browsers. 3.3.5 Disabling Firefox Pop-up Blocker SYMPTOMS: A message was received indicating that a pop-up window was blocked and the user is using Firefox. SOLUTION: 1. In Firefox, click on Firefox. 2. Click on Options. 3. Click on Content, then uncheck Block pop-up windows. You may also add exceptions in as well. 23 P age
4. Click on OK. 5. Restart all Internet Explorer browsers. 3.3.6 Resetting the SSL Network Extender Fingerprint SYMPTOMS: User is not able to accept or install the SSL fingerprint. 24 P age
SOLUTION: Windows Vista/7 64-bit 1. Click Start. 2. In the search type cmd, but do not hit enter. 3. In the list above right-click on cmd.exe, then left-click on Run As Administrator. 4. Click Yes to any User Access Control (UAC) prompts. 5. Type reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\accepted_cn\*. connect.cps.edu /f 6. Type reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cpextender\accepted_ cn\*.connect.cps.edu /f 7. Press the ENTER key. 8. Re-attempt your connection to the vpn portal and click Yes or Accept to any prompts regarding the fingerprint. Windows Vista/7 32-bit 1. Click Start. 2. In the search type cmd, but do not hit enter. 3. In the list above right-click on cmd.exe, then left-click on Run As Administrator. 4. Click Yes to any User Access Control (UAC) prompts. 5. Type reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\accepted_cn\*.connect.cps.ed u /f 6. Type reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cpextender\accepted_ cn\*.connect.cps.edu /f 7. Press the ENTER key. 8. Re-attempt your connection to the vpn portal and click Yes or Accept to any prompts regarding the fingerprint. 3.3.7 Removing Toolbars SYMPTOMS: User is having trouble accessing all of the portal functions. SOLUTION: 1. Click Start. 2. Click Control Panel. You can also type this in the search box. 3. Click Programs, Programs and Features, or Add/Remove Programs. 25 P age
4. Scroll through the list, if you see a program with the word toolbar in its name click on it, then click uninstall. 5. Once you have reached the end of the list, close all browsers and re-attempt your connection to the Remote Access portal. 26 P age