topic Problem with GlobalProtect after certificate renew in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/problem-with-globalprotect-after-certificate-renew/m-p/474297#M2602 <P>Hello there,</P><P>Yesterday our certificates used for GlobalProtect expired. I reneved them like last time and then - we lost possibility to connect to our institution from endpoints. Nothing more were changed.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.jpg" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39737iD5CE13D3B6B7F273/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="1.jpg" alt="1.jpg" /></span></P><P>&nbsp;</P><P>Error seen on endpoint:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="3.png" style="width: 200px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39740iBA1D2D4C8E593129/image-size/small/is-moderation-mode/true?v=v2&amp;px=200" role="button" title="3.png" alt="3.png" /></span></P><P>&nbsp;</P><P>Now nobody can connect via GlobalProtect using AD credentials.&nbsp;</P><P>Currently our settings in Agent config looks like:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.jpg" style="width: 799px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39738iFEF05F2B67F31FBD/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="2.jpg" alt="2.jpg" /></span></P><P>When I set user settings to "Any" GlobalProtect starts to work again, but we cannot have this set to "Any" cos we must have control who have possibility to connect to company actually.</P><P>&nbsp;</P><P>I have no idea what can I do to make this work again.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 18 Mar 2022 08:46:35 GMT Damiano 2022-03-18T08:46:35Z Problem with GlobalProtect after certificate renew https://live.paloaltonetworks.com/t5/globalprotect-discussions/problem-with-globalprotect-after-certificate-renew/m-p/474297#M2602 <P>Hello there,</P><P>Yesterday our certificates used for GlobalProtect expired. I reneved them like last time and then - we lost possibility to connect to our institution from endpoints. Nothing more were changed.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.jpg" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39737iD5CE13D3B6B7F273/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="1.jpg" alt="1.jpg" /></span></P><P>&nbsp;</P><P>Error seen on endpoint:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="3.png" style="width: 200px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39740iBA1D2D4C8E593129/image-size/small/is-moderation-mode/true?v=v2&amp;px=200" role="button" title="3.png" alt="3.png" /></span></P><P>&nbsp;</P><P>Now nobody can connect via GlobalProtect using AD credentials.&nbsp;</P><P>Currently our settings in Agent config looks like:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.jpg" style="width: 799px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39738iFEF05F2B67F31FBD/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="2.jpg" alt="2.jpg" /></span></P><P>When I set user settings to "Any" GlobalProtect starts to work again, but we cannot have this set to "Any" cos we must have control who have possibility to connect to company actually.</P><P>&nbsp;</P><P>I have no idea what can I do to make this work again.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 18 Mar 2022 08:46:35 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/problem-with-globalprotect-after-certificate-renew/m-p/474297#M2602 Damiano 2022-03-18T08:46:35Z Re: Problem with GlobalProtect after certificate renew https://live.paloaltonetworks.com/t5/globalprotect-discussions/problem-with-globalprotect-after-certificate-renew/m-p/474327#M2603 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/213189">@Damiano</a>&nbsp;<BR />May I know what is the Authentication which you are using like LDAP, SAML, Radius or any other method?<BR />Can you check how is the firewall creating the IP-to-User mapping while having the 'user/user group' set as 'Any'? ----&gt;run the following command after user is connected '<EM>show user ip-user-mapping all type GP'</EM><BR />The way you have added the user is called as 'sAMAccountName'. However, the mapping can be also learned in different ways such as UPN format (udername@domain.com) or simply just the username.<BR />If the mapping is learned in a different format we can try checking the below document.<BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boHMCAY" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boHMCAY</A></P> Fri, 18 Mar 2022 11:15:56 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/problem-with-globalprotect-after-certificate-renew/m-p/474327#M2603 ahandoo 2022-03-18T11:15:56Z