GlobalProtect client can't authenticate anymore after upgrade to 4.1

Reply
Highlighted
L3 Networker

GlobalProtect client can't authenticate anymore after upgrade to 4.1

We have upgraded our firewall to version 8.1 and the GlobalProtect agent to 4.1.

We use a certificate to authenticate with our GlobalProtect Agent but after the upgrade (8.0.5 and 4.0.3) nobody can't authenticate anymore.

In the logs I always see this:

First

'GlobalProtect portal user authentication succeeded. Login from: 10.1.2.10, Source region: 10.0.0.0-10.255.255.255, User name: STSCH@zeb.be, Auth type: client certificate.Client OS version: Microsoft Windows 10 Pro , 64-bit

After:
GlobalProtect portal client configuration failed. Login from: 10.1.2.10, Source region: 10.0.0.0-10.255.255.255, User name: STSCH@zeb.be, Client OS version: Microsoft Windows 10 Pro , 64-bit


Accepted Solutions
Highlighted
L3 Networker

The problem is in the PanOS version 8.1 and userID agent 8.1. UserID indentification does not work in the releases.

If you use this in your company don't upgrade to 8.1.0

View solution in original post


All Replies
Highlighted
L7 Applicator

is the portal/agent/config set to any user/group

Highlighted
L3 Networker

But now it is set to a specific security group in our Active-Directory. I'm member of this group and it worked before!

You solution works, but I would really like the Active Direcotry group.

Highlighted
L3 Networker

I think I see what the problem is. I needed to install new UserID agents (8.1.0-66) and my users doesn't get mapped properly.

L7 Applicator

i was not offering it as a solution, because of the log output that you provided it was obvious that the issue was with agent permissions.

Highlighted
L3 Networker

The problem is in the PanOS version 8.1 and userID agent 8.1. UserID indentification does not work in the releases.

If you use this in your company don't upgrade to 8.1.0

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!