- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-21-2016 04:56 AM - edited 11-21-2016 04:57 AM
Hey experts!
I have a new Windows 10 notebook and Global Protect Client 2.3.4-4 installed.
However, the connect button is greyed out.
I read on the Palo Alto site that the recommended minimum agent version is 3.0.3.
So is the problem my 2.3.4 version? Doesn't it work with Windows 10?
11-21-2016 05:05 AM
Well MPI,
I would hazzard a guess to say the connect button is disabled from the firewall side.. What version of PAN-OS is running on the firewall and what agent settings have you configured there ?
windows 10 connects perfect with global protect .. tried n tested..
Regards
Robert D
11-21-2016 05:23 AM - edited 11-21-2016 11:14 PM
Hi,
which global protect version do you use with Windows 10?
PAN-OS is 7.0.7
I have configured pre-logon (Always On)
PS: So I don't know what's the problem but on Windows 7 the Global Protect client works.
So I think I should first test the 3.0.3 client on my Windows 10.
Is there a possibility to download the global protect client 3.0.3 standalone?
Because if I download it on the firewall and activate it, all clients will update to this version.
And I fear that some clients will not work then.
What do you think?
(If I have to activate it globally, what's the latest preferred version?)
11-22-2016 03:00 PM
Check if the users passwords are expired via your LDAP or authentication server.
I'm pretty positive that when a users password expired, currently, although there is a feature request open - you are unable to change your password via the pre-logon GP feature on Windows 10.
A current workaround is to log in via normal AD, change PW, log back out and log in via GP pre-logon.
Hope this makes sense - remember if the passwords are not expired then this isn't your issue
11-22-2016 11:33 PM - edited 11-22-2016 11:36 PM
Hi MTizani,
not sure if I understand it.
There are no local vpn users on the firewall, only LDAP users (Active Directory).
When I do my Windows login on my notebook with my user account, that works.
So I think my password isn't expired.
Did you mean that?
mmmh...don't you think it's the problem because of the 2.3.4 version?
Should I activate the 3.0.3 version on the firewall?
Or can you recommend a newer GP version?
12-23-2016 02:26 AM - edited 12-23-2016 02:29 AM
Update from me: It was a problem with SSO, so the button was greyed out!
But by the way: Does anyone of you use GP Version 3.0.3 or above?
Do one of these versions (3.0.3 or above) work correctly with Windows 7 - 10 and MAC OS X 10.9 - 10.11?
02-08-2017 03:20 PM
Hi There,
Tested 3.1.5 and 4.0.0 GP on windows ten and macbook {latest as at todays date}. Connect ok - ipsec and ssl. To PAN-OS 7.1.5 and the new 8.0.0. Xauth has issues if using loopbacks, recommendations is to use the gateway on non loopback interface.
If using iphones or android phones am seeing some issues on 3.1.5 and 4.0.0 gp currently. Being researched atm..
Kind regards
Robert d
02-16-2017 02:55 PM
MPI-AE, we are using GP 3.1.3 and 3.1.5 on iOS phones, Windows 7 Ent, and Windows 8 Ent.
With no other 3rd party credential providers installed SSO works on the Windows machines without a problem. The OS detection, user/group mapping, and HIP checks are all working correctly as well.
Unfortunately we are having problems with SSO with our drive encryption and other credential provider components. As of yet we have not found a solution for that.
Brian
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!