Bluescreen with Juniper VPN driver

  • Hello,

    I am developing filter network drivers for Windows, and recently I noticed that there is an issue with Juniper VPN driver on a Windows client machine. The problem touches drivers from series NEOFLTR*.sys, i.e., for example, NEOFLTR_650_14951.sys.

    To make long story short, I noticed that sometimes I got ocassional BSODs at customer which points to NEOFLTR_650_14951.sys as a guilty driver in MEMORY.DMP. I decided to setup Driver Verifier to check Juniper driver in order to locate the issue.

    According to Microsoft MSDN documentation

    Driver Verifier can identify conditions such as memory corruption, mishandled I/O request packets (IRPs), invalid direct memory access (DMA) buffer usage, and possible deadlocks.

    And according to: :

    “you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver

    Juniper VPN is using a kernel mode driver to fulfill its operations. If Driver Verifier is set to verify Juniper driver, the Windows detects problems caused by Juniper driver and asserts with BSOD …

    The following test case helps to illustrate problem in a clean Windows 7 x64:

    1. Install Juniper VPN client (usually you do this by going to web site and install activex which installs Juniper Client driver)

    2. Go to folder C:\WINDOWS\system32\drivers\ and locate file NEOFLTR*. In my case it is NEOFLTR_650_14951.sys . It may differ in your case, but the same structure will be kept, i.e. NEOFLTR*.sys

    3. Open cmd line and run (you have to specify the exact driver name which is seen on your machine):

    verifier /flags 0xff /driver NEOFLTR_650_14951.sys

    1. Reboot machine

    2. Initiate a VPN connection, open SSH connection. Machine will experience a BSOD because Driver Verifier detected errors in Juniper driver

    3. Reboot machine, open cmd and type: verifier /reset

    It seems like the same happening in clean Windows XP SP3 and in Vista. Can this description be transferred into a ticket for Juniper to solve? If so, how can I create a ticket and get it’s status?

    Thank you for any hints & ideas.

  • Hi I am seeing this on server 2003 running 6.5 version of WSAM.  Has there been any resolution to this? or is upgrading the only solution? Also can you run 7.1 WSAM client and connect to a 6.5.x SA?

  • Funny you should say that 🙂

    I did the same thing a couple of weeks ago.

    My problem now is that my company has 2 VPNs with different versions of the Juniper software (a result of an acquisition) and the software reinstalls when switching from one VPN to the other, thereby re-enabling the faulty driver, so even disabling the driver doesn’t always work!

    I need to restrict access to the driver registry key 🙂

  • I ran into this issue and I ended up disabling the driver and making sure my agent’s VPN software still worked. Everything seems fine so far

  • Additional info: the uninstaller leaves a hidden non plug and play driver installed so despite uninstalling the software my machine still blue screens until I manually delete the driver from Device Manager.  Driver is neofltr_7110_21187.

  • This is still an issue with Windows 7 x64 Enterprise Edition with Service Pack 1. It is the only software that blue screens my new Dell Latitude E6520 laptop.

  • Hello, has there been any resolution to this?  I am working at a client site that uses Juniper for its VPN and it keeps BOD my laptop.