What VPN are you using normal VPN with globalprotect APP or Clientless VPN? Do you or your users have any real impact? It is possible that the users first log in the normal VPN then hey try to use the clientless VPN.
You may also have issues where clients disconnect because of a bad network, bad MTU etc., so generate globalprotect logs and check them:
If you have palo alto 9.1 or newer, you may also see performance metrics from the firewall for the client tunnels:
I've never seen this error prevent someone from logging in properly. Immediately following this error you should be seeing a 'remove previous login' gateway-logout immediately followed by a gateway-login for the host-id. Effectively the firewall is simply clearing the stale session that wasn't properly shutdown and re-building a new session for the host-id.
Are you saying that you've looked at logging and you aren't seeing it remove the previous login and forming a new connection?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!