global-protect client can't connect

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

global-protect client can't connect

L1 Bithead

Hi Team,

 

I am stuck in a situation. Whenever GP-client tries connecting to Firewall, it is stuck in between and then disconnects.

 

1. Client is able to connect to portal and download certificate.

2. I can see when it gets disconnects, i.e discovering network-->> connecting --> disconnects.

 

I have checked everything at my end. Kindly advise if anyone knows when this type of error occurs.

 

Regards,

Kunal

5 REPLIES 5

Community Team Member

Hi @kunal_19,

 

I'd start by checking the GP debug logs (especially PanGPS.log and PanGPA.log can provide useful information as to why you're disconnecting).

 

That said, this is a good place to start learning about debugging GP : 

https://live.paloaltonetworks.com/t5/Management-Articles/Troubleshooting-GlobalProtect/ta-p/75770

 

Or you might want to check out the GP resource page with plenty of Troubleshooting articles :

https://live.paloaltonetworks.com/t5/Management-Articles/GlobalProtect-resource-guide/ta-p/70472

 

Cheers !

-Kiwi

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Cyber Elite
Cyber Elite

Hi Kunal

 

Have you verified the logs on the firewall to see what error message you're seeing on your end ?

 

You can also export the logs generated by the GPclient to verify what it is reporting in more detail:

First open the panel and go to troubleshooting

Change the logging levels to debug and then let the client try to connect a few times, then hit the 'collect logs' button to export the log files and open with a text editor 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L1 Bithead

 Guys , how do i attach my notepad file containing global protect logs.

I can't see any options here 

attachments are not allowed for security reasons

 

you could paste the interesting log bits here or host the file offsite (so people can access it at their own risk 😉 )

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L1 Bithead

GUYS CHECK IF THESE LOGS HELP IN FINDING THE ERROR  

 

Enter login credentials 1 (T3152) 07/07/17 14:16:23:389 Debug(4811): REGION-PRIO, region code is (T3152) 07/07/17 14:16:23:389 DebuCg(9306): REGION-PRIO, save region code (T3152) 07/07/17 14:16:23:389 Debug(4825): No saml-auth-status. (T3152) 07/07/17 14:16:23:389 Debug(4834): No saml-auth-method. (T3152) 07/07/17 14:16:23:389 Debug(4844): No saml-request. (T3152) 07/07/17 14:16:23:389 Debug(4853): No prelogin-cookie. (T3152) 07/07/17 14:16:23:389 Debug(4859): Portal authentication-message is Enter login credentials (T3152) 07/07/17 14:16:23:389 Debug(4875): autosubmit is false (T3152) 07/07/17 14:16:23:389 Debug(4881): kerberos, tag krb-norm-username does not exist, check tag ccusername now. (T3152) 07/07/17 14:16:23:389 Debug( 78): pan_get_full_path(): full path in multibyte char is C:\Program Files\Palo Alto Networks\GlobalProtect\PanSCEP_92404abf2646bdab2bec49f217c95.cer (T3152) 07/07/17 14:16:23:389 Debug( 78): pan_get_full_path(): full path in multibyte char is C:\Program Files\Palo Alto Networks\GlobalProtect\PanSCEP_92404abf2646bdab2bec49f217c95.pfx (T3152) 07/07/17 14:16:23:389 Debug(5486): Portal user auth cookie file name is C:\Users\ACPL\AppData\Local\Palo Alto Networks\GlobalProtect\PanPUAC_92404abf2646bdab2bec49f217c95.dat (T3152) 07/07/17 14:16:23:389 Debug( 73): CTranslate: dwSidLen is 24 (T3152) 07/07/17 14:16:23:389 Info (1294): Failed to open file C:\Users\ACPL\AppData\Local\Palo Alto Networks\GlobalProtect\PanPUAC_92404abf2646bdab2bec49f217c95.dat (T3152) 07/07/17 14:16:23:389 Debug(5459): Portal prelogon auth cookie file name is PanPPAC_a58d1eeb8c28f094886687bb1efcc3f1.dat (T3152) 07/07/17 14:16:23:389 Debug( 73): CTranslate: dwSidLen is 24 (T3152) 07/07/17 14:16:23:389 Debug( 78): pan_get_full_path(): full path in multibyte char is C:\Program Files\Palo Alto Networks\GlobalProtect\PanPPAC_a58d1eeb8c28f094886687bb1efcc3f1.dat (T3152) 07/07/17 14:16:23:389 Debug( 486): pan_read_text_from_file(): File does not exist. File: C:\Program Files\Palo Alto Networks\GlobalProtect\PanPPAC_a58d1eeb8c28f094886687bb1efcc3f1.dat (T3152) 07/07/17 14:16:23:389 Info (1268): Failed to UnserializePortalPrelogonAuthCookie. (T3152) 07/07/17 14:16:23:389 Debug(1271): Unserialized empty cookie for portal 192.168.1.250 and pre-logon user. (T3152) 07/07/17 14:16:23:389 Debug(6229): Login... (T3152) 07/07/17 14:16:23:389 Debug(6250): pszPortalString = 00000000004BE960, new char[333]; (T3152) 07/07/17 14:16:23:389 Debug(6258): m_szDomainAndUsername is kunal (T3152) 07/07/17 14:16:23:389 Debug(6288): GetHttpResponse()... (T3152) 07/07/17 14:16:23:389 Debug(2512): portal proxyparam is empty (T3152) 07/07/17 14:16:23:389 Debug(2534): OID, oid= (T3152) 07/07/17 14:16:23:391 Debug( 73): CTranslate: dwSidLen is 24 (T3152) 07/07/17 14:16:23:391 Debug(2578): IPADDR=192.168.1.250,PORT=443,URL=/global-protect/getconfig.esp,POST=1,PROXY_AUTO=0,PROXY_CFGURL=NULL,PROXY=NULL,PROXY_BYPASS=NULL,PROXY_USER=NULL,PROXY_PASS=****,VERIFY_CERT=0,ADDITIONAL_CHECK=0,SCEP_CERT=,oid= (T3152) 07/07/17 14:16:23:391 Debug(1024): Send response to client for request https_request (T3152) 07/07/17 14:16:23:391 Debug(2583): Clean post data (T3152) 07/07/17 14:16:23:391 Debug(2608): gpapintimeout not set, set it to 600 seconds (T3152) 07/07/17 14:16:23:479 Debug(2678): receive pan_msg_ping, 1 (T3152) 07/07/17 14:16:23:479 Debug(2857): HTTP_RPC, len=5238, result is gp-portal 4100 4.0.2-19 ... (T3152) 07/07/17 14:16:23:479 Debug( 202): 5 OTP options exist in portal configuration. (T3152) 07/07/17 14:16:23:479 Debug( 583): Collect hip data is false. (T3152) 07/07/17 14:16:23:479 Debug( 63): VPN event pre-vpn-connect does not exist. (T3152) 07/07/17 14:16:23:479 Debug( 63): VPN event post-vpn-connect does not exist. (T3152) 07/07/17 14:16:23:479 Debug( 63): VPN event pre-vpn-disconnect does not exist. (T3152) 07/07/17 14:16:23:479 Debug( 630): No trusted host list defined! (T3152) 07/07/17 14:16:23:479 Debug( 674): No third party vpn clients defined (T3152) 07/07/17 14:16:23:479 Debug( 688): No internal host detection defined (T3152) 07/07/17 14:16:23:479 Debug( 693): No V6 gateways list (T3152) 07/07/17 14:16:23:479 Debug( 881): No internal gateway defined (T3152) 07/07/17 14:16:23:479 Debug( 900): Optional client-cert does not exist (T3152) 07/07/17 14:16:23:479 Debug( 936): Optional root-ca does not exist (T3152) 07/07/17 14:16:23:479 Debug( 73): CTranslate: dwSidLen is 24 (T3152) 07/07/17 14:16:23:479 Debug( 213): pan_write_text_to_file(): don't check pre-existance. (T3152) 07/07/17 14:16:23:479 Debug( 218): pan_write_text_to_file(): wrote 5248 of 5248 bytes to file C:\Users\ACPL\AppData\Local\Palo Alto Networks\GlobalProtect\PanPortalCfg_92404abf2646bdab2bec49f217c95.dat. (T3152) 07/07/17 14:16:23:479 Debug( 64): Saved portal config to file C:\Users\ACPL\AppData\Local\Palo Alto Networks\GlobalProtect\PanPortalCfg_92404abf2646bdab2bec49f217c95.dat. (T3152) 07/07/17 14:16:23:479 Debug(1450): Proxy auto detect is not needed (T3152) 07/07/17 14:16:23:479 Debug(6632): RefreshPortalConfig is yes, RefreshPortalConfigInterval is 24 (T3152) 07/07/17 14:16:23:479 Debug(8551): OID, new box (T3152) 07/07/17 14:16:23:479 Debug(8559): OID, m_OID is (T3152) 07/07/17 14:16:23:479 Debug(8561): OID, get from dynamic config is (T3152) 07/07/17 14:16:23:479 Debug(8567): kerberos, dynamic config value is yes (T3152) 07/07/17 14:16:23:495 Info ( 232): Failed to find attribute 'ipv6-preferred' (T3152) 07/07/17 14:16:23:495 Debug(6742): Failed to get ipv6-preferred from config, try local (T3152) 07/07/17 14:16:23:495 Info ( 232): Failed to find attribute 'mdm-address' (T3152) 07/07/17 14:16:23:495 Debug(6742): Failed to get mdm-address from config, try local (T3152) 07/07/17 14:16:23:495 Debug(7801): Set mdm address as empty (T3152) 07/07/17 14:16:23:495 Debug(6661): MDM is disabled (T3152) 07/07/17 14:16:23:495 Info ( 232): Failed to find attribute 'scep-profile-name' (T3152) 07/07/17 14:16:23:495 Info ( 232): Failed to find attribute 'user-email' (T3152) 07/07/17 14:16:23:495 Debug(6669): Scep certificate renew period is 7 days. Scep cert auth cookie length is 57 (T3152) 07/07/17 14:16:23:495 Debug(6680): Otp portal 0, otp internal gateway 0, otp auto external gateway 0, otp manual only external gateway 0 (T3152) 07/07/17 14:16:23:495 Info ( 232): Failed to find attribute 'ipv6-preferred' (T3152) 07/07/17 14:16:23:495 Debug(6786): Failed to get ipv6-preferred from config, try local (T3152) 07/07/17 14:16:23:495 Debug(6685): Prefer ipv6 is 1 after processing portal configuration. (T3152) 07/07/17 14:16:23:495 Info ( 232): Failed to find attribute 'mfa-enabled' (T3152) 07/07/17 14:16:23:495 Debug(6786): Failed to get mfa-enabled from config, try local (T3152) 07/07/17 14:16:23:495 Debug(6329): No scep profile (T3152) 07/07/17 14:16:23:495 Debug(2015): close WinHttp close handle. (T3152) 07/07/17 14:16:23:495 Debug(5592): this version of portal config is supported. (T3152) 07/07/17 14:16:23:495 Debug(5702): portal status is Connected. (T3152) 07/07/17 14:16:23:495 Debug(5703): returns 1. (T3152) 07/07/17 14:16:23:495 Debug(5124): Reload Agent Reg Config. (T3152) 07/07/17 14:16:23:495 Debug(8864): CPanMSService::ControlGPEnforcer() Loading GPEnforcer (T3152) 07/07/17 14:16:23:495 Debug(8886): CPanMSService::ControlGPEnforcer() GPEnforcer is loaded. (T3152) 07/07/17 14:16:23:495 Debug(1721): AlwaysOn,applyrules, rules=(null) (T3152) 07/07/17 14:16:23:495 Debug( 225): AlwaysOn,Opening Filtering Engine (T3152) 07/07/17 14:16:23:510 Debug( 271): AlwaysOn,appid is size=164, data=5c 00 64 00 (T3152) 07/07/17 14:16:23:510 Debug( 271): AlwaysOn,appid is size=164, data=5c 00 64 00 (T3152) 07/07/17 14:16:23:510 Debug( 271): AlwaysOn,appid is size=102, data=5c 00 64 00 (T3152) 07/07/17 14:16:23:510 Debug(1406): AlwaysOn,Starting Transaction (T3152) 07/07/17 14:16:23:510 Debug(1414): AlwaysOn,Successfully Started Transaction (T3152) 07/07/17 14:16:23:510 Debug(1416): AlwaysOn,Adding Sublayer (T3152) 07/07/17 14:16:23:510 Debug(1421): AlwaysOn,result=80320009, error=0 (T3152) 07/07/17 14:16:23:510 Debug(1423): AlwaysOn,FWP_E_ALREADY_EXISTS return, continue (T3152) 07/07/17 14:16:23:510 Debug(1430): AlwaysOn,Sucessfully added Sublayer (T3152) 07/07/17 14:16:23:510 Debug(1285): AlwaysOn,Adding Flow Established Filter (T3152) 07/07/17 14:16:23:510 Debug( 713): AlwaysOn,windows7, allow all applications! (T3152) 07/07/17 14:16:23:510 Debug( 741): AlwaysOn,result = 00000000, lastError=1150 (T3152) 07/07/17 14:16:23:510 Debug( 741): AlwaysOn,result = 00000000, lastError=1150 (T3152) 07/07/17 14:16:23:510 Debug( 741): AlwaysOn,result = 00000000, lastError=1150 (T3152) 07/07/17 14:16:23:510 Debug( 953): AlwaysOn,Adding Flow Established Filter (T3152) 07/07/17 14:16:23:510 Debug( 693): AlwaysOn,Adding Flow Established Filter (T3152) 07/07/17 14:16:23:510 Debug( 879): AlwaysOn,Adding Flow Established Filter (T3152) 07/07/17 14:16:23:510 Debug( 581): AlwaysOn,Adding in bound ip v4 traffic Filter (T3152) 07/07/17 14:16:23:510 Debug( 590): AlwaysOn,FwpmFilterAdd return error 80320002, lastError=0000047e (T3152) 07/07/17 14:16:23:510 Debug(1073): AlwaysOn,Adding Flow Established Filter (T3152) 07/07/17 14:16:23:510 Debug(1097): AlwaysOn,add allow local host filter (T3152) 07/07/17 14:16:23:510 Debug(1155): AlwaysOn,add enable dhcp filter (T3152) 07/07/17 14:16:23:510 Debug(1186): AlwaysOn,add enable dhcp filter (T3152) 07/07/17 14:16:23:510 Debug(1302): AlwaysOn,Successfully added Flow Established filter (T3152) 07/07/17 14:16:23:510 Debug(1362): AlwaysOn,Adding Flow Established Filter (T3152) 07/07/17 14:16:23:510 Debug( 606): AlwaysOn,AddBlockAllTrafficFilterV6 (T3152) 07/07/17 14:16:23:510 Debug( 635): AlwaysOn,Adding Flow Established Filter (T3152) 07/07/17 14:16:23:510 Debug(1379): AlwaysOn,Successfully added Flow Established filter (T3152) 07/07/17 14:16:23:510 Debug(1436): AlwaysOn,Committing Transaction (T3152) 07/07/17 14:16:24:244 Debug(1440): AlwaysOn,Successfully Committed Transaction (T3152) 07/07/17 14:16:24:244 Debug( 225): AlwaysOn,Opening Filtering Engine (T3152) 07/07/17 14:16:24:244 Debug( 384): AlwaysOn,Successfully Started Transaction (T3152) 07/07/17 14:16:24:244 Debug(1215): AlwaysOn,Adding Sublayer (T3152) 07/07/17 14:16:24:244 Debug(1220): AlwaysOn,result=80320009, error=0 (T3152) 07/07/17 14:16:24:244 Debug(1222): AlwaysOn,FWP_E_ALREADY_EXISTS return, continue (T3152) 07/07/17 14:16:24:244 Debug(2845): AlwaysOn,run process cmd=cmd /c netstat -ano > testrules.out(T3152) 07/07/17 14:16:24:400 Debug(2912): AlwaysOn,arrSize=3 (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:80, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=4 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:135, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=816 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:443, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=3612 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:445, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=4 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:902, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=2736 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:912, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=2736 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:2869, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=4 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:49152, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=528 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:49153, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=908 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:49154, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=976 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:49155, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=628 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:49159, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=620 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 0.0.0.0:49160, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=896 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 127.0.0.1:4767, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=3936 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 127.0.0.1:4767, foreignAddress is 127.0.0.1:50729, state=ESTABLISHED, pid=3936 (T3152) 07/07/17 14:16:24:400 Debug(3360): AlwaysOn,h is 0000000000000464 (T3152) 07/07/17 14:16:24:400 Debug(3362): AlwaysOn,process path name is \Device\HarddiskVolume2\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe (T3152) 07/07/17 14:16:24:400 Debug(3034): AlwaysOn,remember established connect, 127.0.0.1:4767, 127.0.0.1:50729, ESTABLISHED, 3936, port is 4767, panme is \Device\HarddiskVolume2\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe (T3152) 07/07/17 14:16:24:400 Debug(3045): AlwaysOn,this port is belongs to application Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe, do not block it! (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 127.0.0.1:8307, foreignAddress is 0.0.0.0:0, state=LISTENING, pid=3612 (T3152) 07/07/17 14:16:24:400 Debug(3078): AlwaysOn,ignore line: TCP (T3152) 07/07/17 14:16:24:400 Debug(3011): AlwaysOn,localAddress is 127.0.0.1:49158, foreignAddress is 127.0.0.1:62522, state=ESTABLISHED, pid=3340 (T3152) 07/07/17 14:16:24:400 Debug(3360): AlwaysOn,h is 0000000000000468 (T3152) 07/07/17 14:16:24:400 Debug(3362): AlwaysOn,process path name is \Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

  • 7813 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!