GP: "Matching Client Config Not Found" when trying to connect

Reply
L1 Bithead

GP: "Matching Client Config Not Found" when trying to connect

Heya Gurus!

I'm running into an issue that I can't seem to figure out.  I helped a client migrate a firewall over from Checkpoint to PAN.  A few false starts and we got it going.  Now we are working through the 'b' list of items that needed to be figured out and tested.

We have the GP portal/gateway configured for LDAP/AD authentication, and the auth part looks to be working fine.  However when the client connects, it comes up with an error 'Matching Client Config not found'.  We've checked the client config section, there's nothing restricting the OS, the AD auth is first in the list.  We've tried removing the AD group from the list, and also adding in a single account, with no AD accounts, but still getting this error.

Has anyone run into this, or have any suggestions on what we can try to resolve this?

L1 Bithead

Re: GP: "Matching Client Config Not Found" when trying to connect

Additional information:

This is running on PANOS 8.1.5, and GP version 4.1.9, using the 64 bit version on a Win10 laptop for testing.

L6 Presenter

Re: GP: "Matching Client Config Not Found" when trying to connect

What do the system logs say for the failing GP clients?  What do the GP client logs say?

L1 Bithead

Re: GP: "Matching Client Config Not Found" when trying to connect

Here's what the GP Logs are saying:

 

(T6428) 02/06/19 18:42:20:732 Debug(2740): REQID=14,IPADDR=(external_IP),PORT=443,URL=/ssl-vpn/getconfig.esp,POST=1,PROXY_AUTO=1,PROXY_CFGURL=NULL,PROXY=NULL,PROXY_BYPASS=NULL,PROXY_USER=NULL,PROXY_PASS=****,VERIFY_CERT=0,ADDITIONAL_CHECK=1,SCEP_CERT=,oid=
(T6428) 02/06/19 18:42:20:733 Debug(1142): Send response to client for request https_request
(T6428) 02/06/19 18:42:20:793 Debug(2850): receive pan_msg_ping, 1
(T6428) 02/06/19 18:42:20:796 Debug(2427): gateway (external IP)'s config is
<response status="error">
<portal>GP Gateway-N</portal>
<user>(username)</user>
<error>Matching client config not found</error>
</response>

(T6428) 02/06/19 18:42:20:796 Debug(3779): In SetGatewayRoute: The original route table:
(T6428) 02/06/19 18:42:20:798 Debug( 138): Destination NetMask Gateway Inf Metric
(T6428) 02/06/19 18:42:20:798 Debug( 153): 0.0.0.0 0.0.0.0 10.0.0.1 11 35
(T6428) 02/06/19 18:42:20:798 Debug( 153): 10.0.0.0 255.255.255.0 10.0.0.90 11 291
(T6428) 02/06/19 18:42:20:798 Debug( 153): 10.0.0.90 255.255.255.255 10.0.0.90 11 291
(T6428) 02/06/19 18:42:20:798 Debug( 153): 10.0.0.255 255.255.255.255 10.0.0.90 11 291
(T6428) 02/06/19 18:42:20:798 Debug( 153): 127.0.0.0 255.0.0.0 127.0.0.1 1 331
(T6428) 02/06/19 18:42:20:798 Debug( 153): 127.0.0.1 255.255.255.255 127.0.0.1 1 331
(T6428) 02/06/19 18:42:20:798 Debug( 153): 127.255.255.255 255.255.255.255 127.0.0.1 1 331
(T6428) 02/06/19 18:42:20:798 Debug( 153): 224.0.0.0 240.0.0.0 127.0.0.1 1 331
(T6428) 02/06/19 18:42:20:798 Debug( 153): 224.0.0.0 240.0.0.0 10.0.0.90 11 291
(T6428) 02/06/19 18:42:20:798 Debug( 153): 255.255.255.255 255.255.255.255 127.0.0.1 1 331
(T6428) 02/06/19 18:42:20:798 Debug( 153): 255.255.255.255 255.255.255.255 10.0.0.90 11 291
(T6428) 02/06/19 18:42:20:798 Debug(3789): SetGatewayRoute: GetBestRoute() returns Dest:0.0.0.0 Mask:0.0.0.0 if_index=11 metric1=35
(T6428) 02/06/19 18:42:20:798 Debug(3810): Created gateway route (external IP) succeeds
(T6428) 02/06/19 18:42:20:800 Error( 559): Failed to set client config
(T6428) 02/06/19 18:42:20:800 Error(2182): CreateTunnel: SetConfig() failed

L6 Presenter

Re: GP: "Matching Client Config Not Found" when trying to connect

could be many things but firstly are you using fqdn for gateway or ip address and do you have a tunnel interface for the gateway.

 

have you modified this line to hide some info...

 

(T6428) 02/06/19 18:42:20:796 Debug(2427): gateway (external IP)'s config is

 

if so...   was it displaying IP or FQDN.

L6 Presenter

Re: GP: "Matching Client Config Not Found" when trying to connect

I can re-create the error below..

 

(T7952) 02/08/19 12:58:37:977 Debug(2427): gateway wlapa3p7.vpn.xxx.xxx.uk's config is
 <response status="error">
  <portal>test-N</portal>
  <user>michael ball</user>
  <error>Matching client config not found</error>
 </response>

 

I also see this message on the Gweneth Paltro system logs

 

( description contains 'GlobalProtect gateway client configuration failed. User name: michael ball, Client OS version: Microsoft Windows 7 Professional Service Pack 1, 64-bit, error: Matching client config not found.' )

 

I simply removed myself from the Gateway\Agent\Client Settings\User\User Group.

 

so... it seems you have an issue with user/user groups on the gateway settings. Not the Portal.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!