Synopsis/Title:

Microsoft Hot Fix required for Windows XP SP2 to correct an incompatibility with Juniper Networks NetScreen SSL-VPN products

Issue:

The Juniper Networks engineering team has been regularly monitoring the Release Candidates of Microsoft's Windows XP SP2 to ensure compatibility with Juniper Networks NetScreen SSL-VPN products. However, changes in the latest version of SP2 released on August 6, 2004 resulted in a compatibility issue that our engineering team reported to Microsoft. Microsoft confirmed the reported issue, and released a Hot Fix on August 17, 2004.

Windows XP SP2 does not correctly handle loopback interface addresses other than 127.0.0.1. As a result, the following applications do not work properly with Windows XP SP2 unless the Hot Fix has also been installed:

• WSAM (with or without NetBIOS)
• JSAM
• Windows Terminal Services
• Citrix (ICA)

The following applications are unaffected, and will operate properly with Windows XP SP2 whether or not the Hot Fix has been installed:

• Network Connect
• Secure Meeting
• OWA
• iNotes
• WRQ
• HOB
• Citrix (Java version)
• iNotes Web Mail
• Pass-Through Proxy
• SIMAP, SMTP, and SPOP Mail Proxies
• Cache Cleaner and Host Checker
• General file and web browsing

Solution:

Customers using Juniper Networks Netscreen SSL-VPN products with any of the affected applications should install the Microsoft HotFix after upgrading to Windows XP SP2. The version of Windows XP SP2 released on August 6, 2004 is not supported by Juniper Networks SSL-VPN products unless the Hot Fix has also been installed.

This bulletin will be updated as additional information becomes available.

Implementation:

If you have not already upgraded Windows XP SP2, we recommend that you do not install SP2 at this time. If you have already upgraded to Windows XP SP2, we recommend that you:

• uninstall the SP2 update, or
• Install the Hot Fix

There is no other known workaround on the SSL-VPN product at this time.