When installing or upgrading the Network Connect (NC) client on Mac OS X the installation fails with the error message "An error occurred while extracting one of the Network Connect components."
This issue is known to affect the following Mac OS X versions with the noted Java updates:
Mac OS X 10.5.6 and higher with Java for Mac OS X 10.5 update 6
Mac OS X 10.6.x and higher with Java for Mac OS X 10.6 update 1
NC fails to install on Mac OS X with error message "An error occurred while extracting one of the Network Connect components"
| Knowledge Base ID: | KB16134 |
| Version: | 5.0 |
| Published: | 22 Jun 2010 |
| Updated: | 22 Jun 2010 |
| Categories: |
 Network Connect SSL VPN SSL_VPN_(IVE_OS) |
Problem or Goal:
This problem will occur if you install:
- Java for Mac OS X 10.5 Update 6 (Please refer to Apple support: HT3891 for details regarding this update).
or
- Java for Mac OS X 10.6 Update 1 (Please refer to Apple support: DL972 for details regarding this update).
In the above-referenced Java updates, the keystore password for the “cacerts” file on Mac OS X was changed from the default Sun password of “changeit” to “changeme”.
On Mac OS X 10.5 and 10.6 the “cacerts” file, or system certificate store, is located in:
/System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts
This change prevents the Network Connect installer package from completing the installation process. During installation Network Connect attempts to read from the Mac OS X system certificate store to obtain the list of CA certificates stored here and assumes the password is “changeit”. Access to the "cacerts" file is denied with the following Java Exception error occurs:
java.io.IOException: Keystore was tampered with, or password was incorrect.
The installation cannot continue and the Network Connect installer displays the following error to the end-user:
This issue has been reported to Apple as a bug. Please refer to http://lists.apple.com/archives/java-dev/2009/Dec/msg00093.html for more details.
Juniper has released a fix for this issue in the following maintenance releases:
6.4R5
6.5R3
Workaround:
Mac OS X 10.5 and 10.6 users who have installed the Java update and are not able to install or run Network Connect as a result of this issue can implement the following workaround:
Change the keystore password back to “changeit” using the following command from the Terminal:
Once changed, reinstall Network Connect.
Purpose:6.4R5
6.5R3
Workaround:
Mac OS X 10.5 and 10.6 users who have installed the Java update and are not able to install or run Network Connect as a result of this issue can implement the following workaround:
Change the keystore password back to “changeit” using the following command from the Terminal:
(Please note that in this example, there is a character return after '-keystore' which should not be included in the actual command. Instead, there should be a single space after '-keystore' and before '/System/Library/....' when the command is entered into the Terminal).
sudo keytool -storepasswd -new changeit -keystore
/System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts -storepass changemeOnce changed, reinstall Network Connect.
Installation
