Have to reboot globalprotect client to connect.

fmurray — Thu, 12 Jan 2017 23:26:07 GMT

WE have a problem with globalprotect- The users sometimes need to disable the globalprotect client in order to connect to another VPN. Later when the globalprotect client is re-enabled, any attempt to authenticate immediately returns a username/password invalid error. If the user reboots the computer, the globalprotect client works first try.

Some users have the same problem if their computer goes into sllep mode- after waqking the computer up, the authentication fails until the computer is restarted. After that it works fine.

Any ideas?

Here's log before reboot:

2017-01-12 14:26:23.046 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1540): Receive request: msg type PAN_AUTH_REQ_REMOTE_INIT_AUTH, conv id 79, body length 2156
2017-01-12 14:26:23.046 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1563): Trying to authenticate: <profile: "Remote_ail(pan_auth_util.c:921): "fmurray" is a non-admin user with auth profile "Remote_Acess_Sequence" and vsys "vsys1"
2017-01-12 14:26:23.046 -0800 debug: _get_authseq_profile(pan_auth_util.c:809): Auth profile/vsys (Remote_Acess_Sequence/vsys1) is auth sequence
2017-01-12 14:26:23.046 -0800 debug: _populate_authseq_auth_vec_n_vsys_vec(pan_auth_util.c:756): auth sequence "Remote_Acess_Sequence"
enabled flag: use-domain-find-profile2017-01-12 14:26:23.046 -0800 debug: _has_domain_in_request(pan_auth_util.c:692): Extracted domain info "coanaheim" from user name "fmurray"
2017-01-12 14:26:23.046 -0800 debug: _get_auth_prof_id_in_seq_by_domain(pan_auth_util.c:726): Extracted domain info "coanaheim" from user input = user domain of profile/vsys: "RemoteAccess-LDAP/vsys1" in auth sequence
2017-01-12 14:26:23.046 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1616): Using auth seq, saving original username fmurray from request
2017-01-12 14:26:23.047 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:260): This is a single vsys platform, group check for allow list is performed on "vsys1"
2017-01-12 14:26:23.047 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:263): user "fmurray" is a member of group "cn=domain users,cn=users,dc=anaheim,dc=intranet" on single vsys
2017-01-12 14:26:23.047 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:271): user "fmurray" is in allow list of auth prof/vsys "RemoteAccess-LDAP/vsys1"
2017-01-12 14:26:23.047 -0800 debug: pan_allowlist_request_process(pan_auth_allow_lock.c:87): user "fmurray" is a member of "cn=domain users,cn=users,dc=anaheim,dc=intranet" in allow list of auth prof "RemoteAccess-LDAP"
2017-01-12 14:26:23.047 -0800 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1068): Authenticating user "fmurray" with <profile: "RemoteAccess-LDAP", vsys: "vsys1">, which is Auth Profile 1 of 2 in <sequence "Remote_Acess_Sequence", vsys "vsys1">
2017-01-12 14:26:23.047 -0800 debug: pan_auth_service_get_svr_ids(pan_auth_service.c:630): find auth server id vector for RemoteAccess-LDAP-vsys1
2017-01-12 14:26:23.047 -0800 debug: _get_AD_maxPwdAge(pan_authd_shared_ldap.c:658): getting maxPwdAge attr from AD with LDAD pointer = 0x9843eb0...
2017-01-12 14:26:23.048 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry DC=anaheim,DC=intranet
2017-01-12 14:26:23.048 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: maxPwdAge
2017-01-12 14:26:23.048 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:330): AD : Got value maxPwdAge : 77760000000000
2017-01-12 14:26:23.048 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:965): searching basedn "DC=anaheim,DC=intranet
" for filter "(sAMAccountName=fmurray)", attrs "framedIPAddress", LDAPp=0x9843eb0
2017-01-12 14:26:23.048 -0800 Error: _send_async_ldap_search(pan_authd_shared_ldap.c:629): Failed to search. filter (sAMAccountName=fmurray), attr[0] framedIPAddress. error code: -7, (Bad search filter)
2017-01-12 14:26:23.048 -0800 Error: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:971): send userdn search request
2017-01-12 14:26:23.048 -0800 Error: _start_sync_auth(pan_auth_service_handle.c:578): sync request for user "fmurray" is fai
led or possibly timed out against 172.20.1.36:389 with 0th VOIDp=0x9843eb0
2017-01-12 14:26:23.048 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2337): auth status: auth state unknown
2017-01-12 14:26:23.048 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2470): Auth sequence, start to try next auth profile: <profile: "PD_RemoteAccess-LDAP", vsys: "vsys1"> for user "fmurray"
2017-01-12 14:26:23.048 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1540): Receive request: msg type PAN_AUTH_REQ_REMOTE_INIT_AUTH, conv id 79, body length 2156
2017-01-12 14:26:23.048 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1556): Using auth sequence, copying original username fmurray into request
2017-01-12 14:26:23.048 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1563): Trying to authenticate: <profile: "Remote_Acess_Sequence", vsys: "vsys1", username "fmurray">
2017-01-12 14:26:23.048 -0800 debug: _get_auth_prof_detail(pan_auth_util.c:921): "fmurray" is a non-admin user with auth profile "Remote_Acess_Sequence" and vsys "vsys1"
2017-01-12 14:26:23.049 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:260): This is a single vsys platform, group check for allow list is performed on "vsys1"
2017-01-12 14:26:23.049 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:263): user "fmurray" is a member of group "cn=domain users,cn=users,dc=anaheim,dc=intranet" on single vsys
2017-01-12 14:26:23.049 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:271): user "fmurray" is in allow list of auth prof/vsys "PD_RemoteAccess-LDAP/vsys1"
2017-01-12 14:26:23.049 -0800 debug: pan_allowlist_request_process(pan_auth_allow_lock.c:87): user "fmurray" is a member of "cn=domain users,cn=users,dc=anaheim,dc=intranet" in allow list of auth prof "PD_RemoteAccess-LDAP"
2017-01-12 14:26:23.049 -0800 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1068): Authenticating user "fmurray" with <profile: "PD_RemoteAccess-LDAP", vsys: "vsys1">, which is Auth Profile 2 of 2 in <sequence "Remote_Acess_Sequence"
, vsys "vsys1">
2017-01-12 14:26:23.049 -0800 debug: pan_auth_service_get_svr_ids(pan_auth_service.c:630): find auth server id vector for PD_RemoteAccess-LDAP-vsys1
2017-01-12 14:26:23.049 -0800 debug: _get_AD_maxPwdAge(pan_authd_shared_ldap.c:658): getting maxPwdAge attr from AD with LDAD pointer = 0xeeb04248...
2017-01-12 14:26:23.051 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry DC=pd,DC=anaheim,DC=intranet
2017-01-12 14:26:23.051 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: maxPwdAge
2017-01-12 14:26:23.051 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:330): AD : Got value maxPwdAge : 77760000000000
2017-01-12 14:26:23.051 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:965): searching basedn "DC=pd,DC=anaheim,DC=intranet" for filter "(sAMAccountName=fmurray)", attrs "framedIPAddress", LDAPp=0xeeb04248
2017-01-12 14:26:23.051 -0800 Error: _send_async_ldap_search(pan_authd_shared_ldap.c:629): Failed to search. filter (sAMAccountName=fmurray), attr[0] framedIPAddress. error code: -7, (Bad search filter)
2017-01-12 14:26:23.051 -0800 Error: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:971): send userdn search request
2017-01-12 14:26:23.051 -0800 Error: _start_sync_auth(pan_auth_service_handle.c:578): sync request for user "fmurray" is failed or possibly timed out against 10.2.32.121:389 with 0th VOIDp=0xeeb04248
2017-01-12 14:26:23.051 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2337): auth status: auth state unknown
2017-01-12 14:26:23.051 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2479): Auth sequence, all auth profiles tried and failed: <sequence profile: "Remote_Acess_Sequence", vsys: "vsys1"> for user "fmurray"
2017-01-12 14:26:23.051 -0800 failed authentication for user 'fmurray'. Reason: Invalid username/password auth profile 'Remote_Acess_Sequence', vsys 'vsys1', server profile 'PD_SSL_VPN_PRIFILE', server address '10.2.32.121', From: 70.197.73.40.
2017-01-12 14:26:23.051 -0800 debug: _log_auth_respone(pan_auth_server.c:240): Sent FAILED auth response for user 'fmurray' (exp_in_days=-1 (-1 never; 0 within a day))

Here's the log after reboot:

2017-01-12 14:30:03.532 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1540): Receive request: msg type PAN_AUTH_REQ_REMOTE_INIT_AUTH, conv id 80, body length 2156
2017-01-12 14:30:03.532 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1563): Trying to authenticate: <profile: "Remote_Acess_Sequence", vsys: "vsys1", username "fmurray">
2017-01-12 14:30:03.532 -0800 debug: _get_auth_prof_detail(pan_auth_util.c:921): "fmurray" is a non-admin user with auth profile "Remote_Acess_Sequence" and vsys "vsys1"
2017-01-12 14:30:03.532 -0800 debug: _get_authseq_profile(pan_auth_util.c:809): Auth profile/vsys (Remote_Acess_Sequence/vsys1) is auth sequence
2017-01-12 14:30:03.532 -0800 debug: _populate_authseq_auth_vec_n_vsys_vec(pan_auth_util.c:756): auth sequence "Remote_Acess_Sequence" enabled flag: use-domain-find-profile2017-01-12 14:30:03.532 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1616): Usingving original username fmurray from request
2017-01-12 14:30:03.533 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:260): This is a single vsys platform, group check for allow list is performed on "vsys1"
2017-01-12 14:30:03.533 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:263): user "fmurray" is a member of group "cn=domain users,cn=users,dc=anaheim,dc=intranet" on single vsys
2017-01-12 14:30:03.533 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:271): user "fmurray" is in allow list of auth prof/vsys "RemoteAccess-LDAP/vsys1"
2017-01-12 14:30:03.533 -0800 debug: pan_allowlist_request_process(pan_auth_allow_lock.c:87): user "fmurray" is a member of "cn=domain users,cn=users,dc=anaheim,dc=intranet" in allow list of auth prof "RemoteAccess-LDAP"
2017-01-12 14:30:03.533 -0800 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1068): Authenticating user "fmurray" with <profile: "RemoteAccess-LDAP", vsys: "vsys1">, which is Auth Profile 1 of 2 in <sequence "Remote_Acess_Sequence", vsys "vsys1">
2017-01-12 14:30:03.533 -0800 debug: pan_auth_service_get_svr_ids(pan_auth_service.c:630): find auth server id vector for RemoteAccess-LDAP-vsys1
2017-01-12 14:30:03.533 -0800 debug: _get_AD_maxPwdAge(pan_authd_shared_ldap.c:658): getting maxPwdAge attr from AD with LDAD pointer = 0x9843eb0...
2017-01-12 14:30:03.534 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry DC=anaheim,DC=intranet
2017-01-12 14:30:03.534 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: maxPwdAge
2017-01-12 14:30:03.534 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:330): AD : Got value maxPwdAge : 77760000000000
2017-01-12 14:30:03.534 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:965): searching basedn "DC=anaheim,DC=intranet" for filter "(sAMAccountName=fmurray)", attrs "framedIPAddress", LDAPp=0x9843eb0
2017-01-12 14:30:03.535 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: cn
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: userAccountControl
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:337): AD : Got value userAccountControl : 512
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: pwdLastSet
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:320): AD : Got value pwdLastSet : 131226705754141950
2017-01-12 14:30:03.535 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1029): Received user DN: "CN=Frank Murray,OU=Nor,DC=anaheim,DC=intranet"
2017-01-12 14:30:03.535 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1052): DN sent to LDAP server: CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet
2017-01-12 14:30:03.537 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1077): User "fmurray" is ACCEPTED (msgid = 10, LDAPp=0x9843eb0)
2017-01-12 14:30:03.537 -0800 debug: _get_AD_passwd_exp_in_days(pan_authd_shared_ldap.c:79): userAccountControl = 512 (not never expire)
2017-01-12 14:30:03.537 -0800 pwdlastset: 13122670575
2017-01-12 14:30:03.537 -0800 debug: _get_AD_passwd_exp_in_days(pan_authd_shared_ldap.c:139): AD pwd expires in days 20
2017-01-12 14:30:03.537 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1086): Got user expire-in-days: -1 (-1 means no expiration), passwd_exp in auth profile: 7
2017-01-12 14:30:03.537 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1131): binding back to PaloAltoServices@anaheim.intranet
2017-01-12 14:30:03.537 -0800 debug: pan_authd_ldap_bind(pan_authd_shared_ldap.c:569): binding with binddn PaloAltoServices@anaheim.intranet
2017-01-12 14:30:03.539 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2337): auth status: auth success
2017-01-12 14:30:03.539 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2397): Authentication success: <profile: "RemoteAccess-LDAP", vsys: "vsys1", username "fmurray">
2017-01-12 14:30:03.540 -0800 authenticated for user 'fmurray'. auth profile 'Remote_Acess_Sequence', vsys 'vsys1', server profile 'SSL_VPN_PROFILE', server address '172.20.1.36', From: 70.197.73.40.
2017-01-12 14:30:03.541 -0800 debug: _log_auth_respone(pan_auth_server.c:240): Sent SUCCESS auth response for user 'fmurray' (exp_in_days=-1 (-1 never; 0 within a day)) (return domain 'coanaheim')
2017-01-12 14:30:04.005 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1540): Receive request: msg type PAN_AUTH_REQ_REMOTE_INIT_AUTH, conv id 81, body length 2156
2017-01-12 14:30:04.005 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1563): Trying to authenticate: <profile: "Remote_Acess_Sequence", vsys: "vsys1", username "fmurray">
2017-01-12 14:30:04.005 -0800 debug: _get_auth_prof_detail(pan_auth_util.c:921): "fmurray" is a non-admin user with auth profile "Remote_Acess_Sequence" and vsys "vsys1"
2017-01-12 14:30:04.005 -0800 debug: _get_authseq_profile(pan_auth_util.c:809): Auth profile/vsys (Remote_Acess_Sequence/vsys1) is auth sequence
2017-01-12 14:30:04.005 -0800 debug: _populate_authseq_auth_vec_n_vsys_vec(pan_auth_util.c:756): auth sequence "Remote_Acess_Sequence" enabled flag: use-domain-find-profile2017-01-12 14:30:04.005 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1616): Using auth seq, saving original username fmurray from request
2017-01-12 14:30:04.005 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:260): This is a single vsys platfo
rm, group check for allow list is performed on "vsys1"
2017-01-12 14:30:04.005 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:263): user "fmurray" is a member o
f group "cn=domain users,cn=users,dc=anaheim,dc=intranet" on single vsys
2017-01-12 14:30:04.005 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:271): user "fmurray" is in allow l
ist of auth prof/vsys "RemoteAccess-LDAP/vsys1"
2017-01-12 14:30:04.005 -0800 debug: pan_allowlist_request_process(pan_auth_allow_lock.c:87): user "fmurray" is a member of "cn=domain
users,cn=users,dc=anaheim,dc=intranet" in allow list of auth prof "RemoteAccess-LDAP"
2017-01-12 14:30:04.006 -0800 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1068): Authenticating user "fmur
ray" with <profile: "RemoteAccess-LDAP", vsys: "vsys1">, which is Auth Profile 1 of 2 in <sequence "Remote_Acess_Sequence", vsys "vsys1
">
2017-01-12 14:30:04.006 -0800 debug: pan_auth_service_get_svr_ids(pan_auth_service.c:630): find auth server id vector for RemoteAccess-
LDAP-vsys1
2017-01-12 14:30:04.006 -0800 debug: _get_AD_maxPwdAge(pan_authd_shared_ldap.c:658): getting maxPwdAge attr from AD with LDAD pointer =
0x9843eb0...
2017-01-12 14:30:04.007 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry DC=anaheim,DC=intranet
2017-01-12 14:30:04.007 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: maxPwdAge
2017-01-12 14:30:04.007 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:330): AD : Got value maxPwdAge : 77760000000000
2017-01-12 14:30:04.007 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:965): searching basedn "DC=anaheim,DC=intranet
" for filter "(sAMAccountName=fmurray)", attrs "framedIPAddress", LDAPp=0x9843eb0
2017-01-12 14:30:04.008 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: cn
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: userAccountControl
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:337): AD : Got value userAccountControl : 512
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: pwdLastSet
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:320): AD : Got value pwdLastSet : 131226705754141950
2017-01-12 14:30:04.008 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1029): Received user DN: "CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet"
2017-01-12 14:30:04.008 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1052): DN sent to LDAP server: CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet
2017-01-12 14:30:04.010 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1077): User "fmurray" is ACCEPTED (msgid = 14, LDAPp=0x9843eb0)
2017-01-12 14:30:04.010 -0800 debug: _get_AD_passwd_exp_in_days(pan_authd_shared_ldap.c:79): userAccountControl = 512 (not never expire)
2017-01-12 14:30:04.010 -0800 pwdlastset: 13122670575
2017-01-12 14:30:04.010 -0800 debug: _get_AD_passwd_exp_in_days(pan_authd_shared_ldap.c:139): AD pwd expires in days 20
2017-01-12 14:30:04.010 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1086): Got user expire-in-days: -1 (-1 means no expiration), passwd_exp in auth profile: 7
2017-01-12 14:30:04.010 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1131): binding back to PaloAltoServices@anaheim.intranet
2017-01-12 14:30:04.010 -0800 debug: pan_authd_ldap_bind(pan_authd_shared_ldap.c:569): binding with binddn PaloAltoServices@anaheim.intranet
2017-01-12 14:30:04.011 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2337): auth status: auth success
2017-01-12 14:30:04.011 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2397): Authentication success: <profile: "Remote
Access-LDAP", vsys: "vsys1", username "fmurray">
2017-01-12 14:30:04.011 -0800 authenticated for user 'fmurray'. auth profile 'Remote_Acess_Sequence', vsys 'vsys1', server profile 'SSL_VPN_PROFILE', server address '172.20.1.36', From: 70.197.73.40.
2017-01-12 14:30:04.011 -0800 debug: _log_auth_respone(pan_auth_server.c:240): Sent SUCCESS auth response for user 'fmurray' (exp_in_days=-1 (-1 never; 0 within a day)) (return domain 'coanaheim')
2017-01-12 14:30:04.036 -0800 debug: authd_sysd_localprofile_callback(pan_auth_sysd.c:706): localprofile sync triggered via sysd
2017-01-12 14:30:04.036 -0800 debug: authd_sysd_localprofile_callback(pan_auth_sysd.c:726): get local info for vsys1/Remote_Acess_Sequence
2017-01-12 14:30:04.036 -0800 Error: pan_authd_profile_is_local(pan_auth_util.c:1115): get auth profile setting for profile Remote_Ace
ss_Sequence

Re: Have to reboot globalprotect client to connect.

sjhwilkes — Wed, 25 Jan 2017 23:57:34 GMT

Yes I have this issue and a restart of PanGPS service is enough. I still need to figure out a better solution though. Trying different builds of GP right now. 7.1.5 I couldn't make work at all. 7.1.0 works with this issue. Need to find time to try the versions in between.

Re: Have to reboot globalprotect client to connect.

sjhwilkes — Thu, 26 Jan 2017 21:11:02 GMT

Our probelm is with 3.1.5 and 3.1.0, 3.1.3 works OK.

I think it's a bug with the way 'Allow User to Continue with Invalid Portal Server Certificate' is handled.

I'm currently testing on a temporary IP/Domain name so my cert isn't right.

Re: Have to reboot globalprotect client to connect.

OtakarKlier — Fri, 27 Jan 2017 14:32:03 GMT

Hello,

I have a similar issue with the 3.1.5 client. Once I went back to the 3.1.3 everything was good again. Looks like a bug to me.

Regards,

topic Re: Have to reboot globalprotect client to connect. in General Topics

Have to reboot globalprotect client to connect.

Re: Have to reboot globalprotect client to connect.

Re: Have to reboot globalprotect client to connect.

Re: Have to reboot globalprotect client to connect.

Re: Have to reboot globalprotect client to connect.

Re: Have to reboot globalprotect client to connect.