GlobalProtect - Cannot connect to local gpd service

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect - Cannot connect to local gpd service

L0 Member

Hi there!

 

I have a little problem with GlobalProtect and I don't know how to solve it..
I use Ubuntu 18.04
Each command to globalprotect (for example globalprotect help OR globalprotect connect) returns the answer:
Cannot connect to local gpd service.

I tried to restart gpd service (sudo systemctl restart gpd), it didn't help
Command systemctl status gpd shows:
● gpd.service - GlobalProtect VPN client daemon
   Loaded: loaded (/lib/systemd/system/gpd.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: core-dump) since Wed 2019-01-23 14:28:07 MSK; 1s ago
  Process: 9490 ExecStart=/opt/paloaltonetworks/globalprotect/PanGPS (code=dumped, signal=SEGV)
  Process: 9487 ExecStartPre=/opt/paloaltonetworks/globalprotect/pre_exec_gps.sh (code=exited, status=0/SUCCESS)
 Main PID: 9490 (code=dumped, signal=SEGV)

In PanGPA.log:

P1580-T1379489536 Jan 23 10:29:27:506481 Debug( 385): Command = <response><type>status</type><state>Connected</state><error></error><disable>no</disable><on-demand>yes</on-demand></response>
P1580-T1379489536 Jan 23 10:29:27:506495 Error( 304): RelayToUI - message send to GPI failed.
P1580-T1379489536 Jan 23 10:29:27:506501 Debug(1420): ===> response sent to GPI = <response><type>status</type><state>Connected</state><error></error><disable>no</disable><on-demand>yes</on-demand></response>
P1650-T-1845340416 Jan 23 13:20:53:75840 Info ( 676): debug thread starts
P1650-T-1825032384 Jan 23 13:20:53:75893 Info (  85): start PanGPA main. 1650
P1650-T-1825032384 Jan 23 13:20:53:77223 Info ( 170): ################### main - PanGPA started. pid = 1650. ##################
P1650-T-1825032384 Jan 23 13:20:53:78096 Debug(  98): Current login user is user123.
P1650-T-1825032384 Jan 23 13:20:53:78612 Debug(  64): m_pConfig initialized.
P1650-T-1825032384 Jan 23 13:20:53:185086 Debug( 269): save-user-credentials = -1
P1650-T-1825032384 Jan 23 13:20:53:185098 Debug( 287): portal-2fa = no
P1650-T-1825032384 Jan 23 13:20:53:185100 Debug( 298): internal-gateway-2fa = no
P1650-T-1825032384 Jan 23 13:20:53:185102 Debug( 309): auto-discovery-external-gateway-2fa = no
P1650-T-1825032384 Jan 23 13:20:53:185103 Debug( 320): manual-only-gateway-2fa = no
P1650-T-1825032384 Jan 23 13:20:53:185821 Info ( 225): Current debug level = 5
P1650-T-1825032384 Jan 23 13:20:53:187491 Debug(  70): CPanUserInformation::clear - user information for portal  were all cleared include encrypted info.
P1650-T-1825032384 Jan 23 13:20:53:187503 Debug(  77): CPanUesrInformation::clearBackup - backup EP cleared.
P1650-T-1825032384 Jan 23 13:20:53:187809 Debug( 266): modp_b64_decode success. decode length = 48, buffer length = 2048
P1650-T-1825032384 Jan 23 13:20:53:187842 Debug(  85): m_pUserInfo initialized.
P1650-T-1825032384 Jan 23 13:20:53:187846 Debug( 107): CPanConfigMgrLinux initialized.
P1650-T-1825032384 Jan 23 13:20:53:187893 Info ( 580): startCommandQueue - command queue started.
P1650-T-1825032384 Jan 23 13:20:53:187896 Debug( 118): CPanCommandLinux initialized.
P1650-T-1825032384 Jan 23 13:20:53:187900 Debug(  25): CPanBaseStatsMgr::init - m_stats initialized.
P1650-T-1825032384 Jan 23 13:20:53:187902 Debug( 124): stats and stats manager initialized.
P1650-T-1825032384 Jan 23 13:20:53:187903 Debug( 129): CPanNotification initialized.
P1650-T-1825032384 Jan 23 13:20:53:187907 Debug(  87): CPanParser::handleServiceData - new receiver created.
P1650-T-1825032384 Jan 23 13:20:53:187908 Debug( 136): CPanGPIParser initialized.
P1650-T-1825032384 Jan 23 13:20:53:187910 Info ( 142): Socket is NULL while user is not switched out! recreate socket.
P1650-T-1825032384 Jan 23 13:20:53:187912 Debug( 149): New socket created.
P1650-T-1825032384 Jan 23 13:20:53:187915 Info ( 154): InitConnection ...
P1650-T-1825032384 Jan 23 13:20:53:187935 Error(  72): Failed to set nosigpipe
P1650-T-1825032384 Jan 23 13:20:53:187971 Error(  75): Failed to connect to server at port:4767
P1650-T-1825032384 Jan 23 13:20:53:187974 Error( 158): Cannot connect to service, error: 111
P1650-T-1825032384 Jan 23 13:20:53:187995 Info ( 342): startGpiCommandQueue - command queue started.
P1650-T-1946159360 Jan 23 13:20:53:187998 Error( 471): GpiCommandProc - message queue is not ready.
P1650-T-1825032384 Jan 23 13:20:53:188013 Info ( 454): StartSocketMonitor - socket monitoring started.
P1650-T-1825032384 Jan 23 13:20:53:188015 Info (  72): CPanMSAgent::Start - GpiCommandProc started.
P1650-T-1954552064 Jan 23 13:20:56:188607 Info ( 221): InitConnection ...
P1650-T-1954552064 Jan 23 13:20:56:188627 Debug(  54): fd still open before connect
P1650-T-1954552064 Jan 23 13:20:56:188635 Error(  72): Failed to set nosigpipe
P1650-T-1954552064 Jan 23 13:20:56:188672 Error(  75): Failed to connect to server at port:4767
P1650-T-1954552064 Jan 23 13:20:56:188675 Error( 225): Cannot connect to service, error: 111

 

The problem started after incorrect forced system shutdown (linux didn't want to wake up from the sleep mode). Before everything worked fine

 

Thanks in advance for your help

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@ogoili,

Active: activating

 

That would mean that the service isn't actually starting successfully. Once it's started it should display 'Active: active (running)'. You might want to simply remove GlobalProtect and re-install it if you keep running into issues getting the gpd service to start successfully. 

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

@ogoili,

Active: activating

 

That would mean that the service isn't actually starting successfully. Once it's started it should display 'Active: active (running)'. You might want to simply remove GlobalProtect and re-install it if you keep running into issues getting the gpd service to start successfully. 

L0 Member

Hi, I have the same issue tough i reinstalled GlobalProtect, restarted gpd service and now it is active and running but i still get the error message.

-----

 

kali@linux >> ~ >> sudo systemctl restart gpd
kali@linux >> ~ >> systemctl status gpd
gpd.service - GlobalProtect VPN client daemon
Loaded: loaded (/lib/systemd/system/gpd.service; enabled; vendor preset: d>
Active: active (running) since Tue 2020-03-31 16:14:01 CEST; 9s ago
Process: 6374 ExecStartPre=/opt/paloaltonetworks/globalprotect/pre_exec_gps>
Main PID: 6377 (PanGPS)
Tasks: 5 (limit: 18981)
Memory: 16.0M
CGroup: /system.slice/gpd.service
└─6377 /opt/paloaltonetworks/globalprotect/PanGPS
kali@linux >> ~ >> globalprotect connect --portal <myportal>
Cannot connect to local gpd service.

 

-----

After installing the .deb package, you'll get 2 processes running:

root      6793 0.5 0.1 662044 17936 ?        Ssl 18:33 0:00 /opt/paloaltonetworks/globalprotect/PanGPS
etj       6814 0.5 0.0 340624 15348 ?        Sl 18:33 0:00 /opt/paloaltonetworks/globalprotect/PanGPA start

 

(where "etj" is my login user. )

 

The PanGPA process is started in the "postinst" script, so I guess it won't survive a reboot.

If PanGPA is not running, I get the "Cannot connect to local gpd service." error.

 

I had some issue running the "globalprotect" program as root, but it worked perfectly as user etj.

 

Also, I had to change the MTU of the gpd0 interface, since it prevented me to connect via ssh to a remote machine (search for "SSH2_MSG_KEX_ECDH_REPLY mtu" should you get this kind of error).

 

So:

1) make sure PanGPA is running, together with PanGPS

2) run the globalprotect as the same user running PanGPA

 

   Cheers,

   Emanuele

Hi,

 

I had the same problem. Somehow PanGPA was stopping during system startup because of that "Cannot connect to service, error 111". If I manually start PanPGA, everything works fine:

 

/opt/paloaltonetworks/globalprotect/PanGPA start

 

Or run it in background with this script:

 

/opt/paloaltonetworks/globalprotect/PanMSInit.sh

  • 1 accepted solution
  • 56814 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!