This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

GlobalProtect client can't authenticate anymore after upgrade to 4.1

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect client can't authenticate anymore after upgrade to 4.1

Go to solution
ZEBIT
L3 Networker

‎03-29-2018 03:17 AM

We have upgraded our firewall to version 8.1 and the GlobalProtect agent to 4.1.

We use a certificate to authenticate with our GlobalProtect Agent but after the upgrade (8.0.5 and 4.0.3) nobody can't authenticate anymore.

In the logs I always see this:

First

'GlobalProtect portal user authentication succeeded. Login from: 10.1.2.10, Source region: 10.0.0.0-10.255.255.255, User name: STSCH@zeb.be, Auth type: client certificate.Client OS version: Microsoft Windows 10 Pro , 64-bit

After:
GlobalProtect portal client configuration failed. Login from: 10.1.2.10, Source region: 10.0.0.0-10.255.255.255, User name: STSCH@zeb.be, Client OS version: Microsoft Windows 10 Pro , 64-bit

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
ZEBIT
L3 Networker
In response to Mick_Ball

‎03-29-2018 07:40 AM

The problem is in the PanOS version 8.1 and userID agent 8.1. UserID indentification does not work in the releases.

If you use this in your company don't upgrade to 8.1.0

View solution in original post

0 Likes Likes
5 REPLIES 5

Go to solution
Mick_Ball
L7 Applicator

‎03-29-2018 03:41 AM

is the portal/agent/config set to any user/group

0 Likes Likes

Go to solution
ZEBIT
L3 Networker
In response to Mick_Ball

‎03-29-2018 04:08 AM - edited ‎03-29-2018 04:13 AM

But now it is set to a specific security group in our Active-Directory. I'm member of this group and it worked before!

You solution works, but I would really like the Active Direcotry group.

0 Likes Likes

Go to solution
ZEBIT
L3 Networker
In response to ZEBIT

‎03-29-2018 04:31 AM

I think I see what the problem is. I needed to install new UserID agents (8.1.0-66) and my users doesn't get mapped properly.

0 Likes Likes

Go to solution
Mick_Ball
L7 Applicator
In response to ZEBIT

‎03-29-2018 06:00 AM - edited ‎03-29-2018 06:01 AM

i was not offering it as a solution, because of the log output that you provided it was obvious that the issue was with agent permissions.

0 Likes Likes

Go to solution
ZEBIT
L3 Networker
In response to Mick_Ball

‎03-29-2018 07:40 AM

The problem is in the PanOS version 8.1 and userID agent 8.1. UserID indentification does not work in the releases.

If you use this in your company don't upgrade to 8.1.0

0 Likes Likes
  • 1 accepted solution
  • 3632 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks