Failing to connect to portal for particular user on Windows after upgrade

aarismendi — Sun, 24 Apr 2022 14:11:23 GMT

Hi, I recently started having issues with my account connecting from Windows after an upgrade. The account logs in fine still from MacOS. I've tried multiple Windows machines and all exhibit the same behavior. Creating a new test account worked from the same Windows machine. The device is a PA-3220 and was upgraded from 10.0.0.5 to 10.0.1.3. The GP version is 6.0.0, previously it was 5.2.10.

Is there any way to fix the original account or should it be delete/recreated to resolve?

Enclosed/below is a screenshot of the Wireshark packet capture which shows a TCP RST after the client/server SSL negotiation.

Here is the "----Gateway Login starts----" section of PanGPS.log where the error occurs. The error appears to be "unknown private header internal-error. Gateway <GATEWAY_FQDN>, status code -1". Note - environment specifics have been obsfuctated.

Set to service bUseCCUserGateway 0 and ccUserNameGateway
Update user name from <VPN_USERNAME> to <VPN_USERNAME>
OtpSaveCredential is save_credential
External network gateway without OTP authentication
Fallback portal user credential.
Roaming profile is false
profileInfo username DoD_Admin, profile path (null), server (null)
Unserialized empty cookie for portal <GATEWAY_FQDN> and user <VPN_USERNAME>
Unserialized empty cookie for portal <GATEWAY_FQDN> and pre-logon user.
bIsEmptyUser is 0, bDPGCforManualOnlyGateway is 0, bDPGCNotforManualOnlyGateway is 0
Gateway auth method: saml, auth src: IDP
Set to service bUseCCUserGateway 0 and ccUserNameGateway
m_nEncryptedPasswordLen is 0
Roaming profile is false
profileInfo username DoD_Admin, profile path (null), server (null)
Unserialized empty cookie for portal <GATEWAY_FQDN> and user <VPN_USERNAME>
Unserialized empty cookie for portal <GATEWAY_FQDN> and pre-logon user.
use cached deviceSN
Get preferred IPv4 for gateway <GATEWAY_IP> and user <VPN_USERNAME>
Get preferred IPv6 for gateway <GATEWAY_IP> and user <VPN_USERNAME>
Actual user for gateway login is <DOMAIN_NAME>\<VPN_USERNAME>
Gateway selection type is auto
use cached deviceSN
Need to check gateway cert for <GATEWAY_FQDN>
encpostdata, encpostdata=000001E15B0439E0, encpostdatalen=688
REQID=22,IPADDR=<GATEWAY_FQDN>,PORT=443,URL=/ssl-vpn/login.esp,POST=1,PROXY_AUTO=0,PROXY_CFGURL=NULL,PROXY=NULL,PROXY_BYPASS=NULL,PROXY_USER=NULL,PROXY_PASS=****,VERIFY_CERT=0,ADDITIONAL_CHECK=1,SCEP_CERT=,oid=
Send response to client for request https_request
receive pan_msg_ping, 1
Status code: -1, private header: internal-error
unknown private header internal-error. Gateway <GATEWAY_FQDN>, status code -1
pszXmlConfig is NULL. 4278
pszXmlConfig is NULL, m_bInvalidUserCredential is false.
Failed to retrieve info for gateway <GATEWAY_FQDN>.
tunnel to <GATEWAY_FQDN> is not created.
NetworkDiscoverThread: failed to discover external network.
Network discovery failed, set error as The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.
--Set state to Disconnected
Setting debug level to 5
NetworkDiscoverThread: PortalStatus is 1, HasLoggedOnGateway is 0
Network discovery is not ready, set GP VPN status as disconnected
SetVpnStatus called with new status=0, Previous Status=0
UpdatePrelogonStateForSSO() - tunnel state = Disconnected
msgtype = disable

topic Failing to connect to portal for particular user on Windows after upgrade in GlobalProtect Discussions

Failing to connect to portal for particular user on Windows after upgrade