You are here: Pulse Connect Secure > Pulse Connect Secure Administration Guide > Remote Access > VPN Tunneling > Network Connect Launcher (NC Launcher) Overview

Network Connect Launcher (NC Launcher) Overview

The Network Connect Launcher is a client-side command-line utility that maintains a very small footprint. You can bundle NC Launcher with other applications that need an operational Network Connect client. Bundling the NC Launcher with other applications allows you to be confident that the end user can access these applications without difficulty. The NC Launcher allows you to initiate an NC session with a script, batch file, or a call from an application, without using a graphical user interface.

Note: The NC Launcher does not support the role mapping option Users must select from assigned Roles when more than one role is assigned to a user. If you use NC Launcher and more than one role can be assigned to a user, you must choose to either Merge settings for all assigned roles or you must choose the option that forces the User to select the sets of merged roles assigned by each rule.

To use the NC Launcher:

  1. Write a script, batch file or application to call the NC Launcher.
  2. Include a call to the NC Launcher executable.

    The NC Launcher command syntax is:

    nclauncher.exe [-version|-help|-stop|-signout] -u user -p password -url url -r realm -ir [true | false] -t seconds -c certificate-name -d DSID




Displays the NC Launcher version information, then exits.


Displays available arguments information.

-u user

Specifies the username.

-p password

Specifies the password for authentication.

-url url

Specifies the system URL information.

-r realm

Specifies the realm to which the system submits the user’s credentials.

-ir [true | false]

Specifies whether to avoid client-side certificate revocation list on the client.

-t seconds

How long to wait for the NC tunnel to establish (in seconds).

-c certificate-name

Specifies the certificate to use for user authentication instead of a username and password. For certificate-name use the string specified in the Issued To field of the certificate.

To use certificate authentication with NC Launcher, you must first configure the system to allow the user to sign in via user certificate authentication. You must also configure a trusted client CA on the system and install the corresponding client-side certificate in the Web browsers of your end users before running NC Launcher.

When using the -c argument, also specify the -url and -r arguments.

If the certificate is invalid, NC Launcher displays an error message on the command line and logs a message in the nclauncher.log file.


Passes a cookie to NC Launcher from another authentication mechanism when NC Launcher starts


Terminates NC tunnel and signs out current user.


Terminates NC tunnel.

Note: nclauncher does not support secondary authentication.

For example, you might distribute a simple login application to your end users. The application might capture the end user's username and password, the system resource they are trying to reach, and the realm to which they are assigned.

In this example, you need to write a script or add logic to your application to capture the credentials the end user enters, and pass the credentials as the arguments to the nclauncher.exe, as follows:

nclauncher.exe -u JDoe -p my$Pass84 -url -r User

Table 98 lists the possible return codes nclauncher returns when it exits.

Table98: nclauncher Return Codes




(-Stop/-Signout) Network Connect is not running. System error occurred.


Network Connect started.


Invalid arguments.


Network Connect is unable to connect to the Secure Gateway.


Network Connect is unable to authenticate with the server.


The specified role is invalid or does not exist


Network Connect cannot run because a required pre-authentication application could not be started.


Network Connect installation failed.


Network Connect was unable to perform a required software upgrade.


The server to which you are trying to connection does not support this feature.


Network Connect failed to authenticate the client certificate.


Network Connect failed to authenticate the client certificate because the certificate is invalid.


Network Connect failed to authenticate the client certificate because the certificate has expired.


Network Connect failed to authenticate the client certificate because the certificate has been revoked.


Host Checker policy failed.

If Network Connect is launched through a browser, certificate verification is taken care of by the browser. Similarly, if Network Connect is launched through the standalone application on Windows, certificate verification is handled by the application. However, if Network Connect is launched through nclauncher on Windows, nclauncher handles the expired or revoked client certificates.

Related Topics