This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Globalprotect client failing authentication

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Globalprotect client failing authentication

jbland
Not applicable

‎01-18-2012 07:31 AM

We have had several instances where our end users are not able to connect with the globalprotect client since upgrading to PANOS 4.1.  When I check the system log file I see the following errors

2012/01/18 09:45:03info     globalp portal globalp 0  GlobalProtect portal user authentication failed. Login from: 208.54.35.242, User name: USER, Reason: Authentication failed: Invalid username or password .

2012/01/18 09:45:03info     general        auth-fa 0  User 'USER' failed authentication.  Reason: User is in locked users list From: 208.54.35.242.

2012/01/18 09:45:02info     globalp portal globalp 0  GlobalProtect portal user authentication failed. Login from: 208.54.35.242, User name: USER, Reason: Authentication failed: Invalid username or password .

2012/01/18 09:45:02info     general        auth-fa 0  User 'USER' failed authentication.  Reason: User is in locked users list From: 208.54.35.242.

If I force an IP address change on the end user's PC then I can connect.  I've tried looking for a lock file for specific IP addresses but have not been successful in finding anything of the sort.  Can someone please point me in the right direction?

We are running Panos v 4.1.0 and globalprotect client 1.1.1.  We use Radius on windows 2008 server and pan agent to authenticate.

Thanks in advance,

James

0 Likes Likes
3 REPLIES 3

jbland
Not applicable

‎01-18-2012 01:56 PM

Looks like some of these erros may be due to password change notices.  I will run some tests.

0 Likes Likes

kamish
L3 Networker
In response to jbland

‎01-21-2012 06:51 AM

You are not the only one having this issue.

We have a couple PA-500s in our environment and upon upgrading to 4.1.2 from 4.0.5 Apps-and-Threats 288-1251 would fail to install and sync to the HA Peer.  We also upgraded our GlobalProtect Client to version 1.1.1 from 1.0.5 and GlobalProtect stopped working externally.  It would get hung up on "Connecting" and fail to connect.  Upon testing, we reverted to our previously installed versions of GlobalProtect and Software and GlobalProtect then works.  However, the "panupv2-all-contents-288-1251.tgz" still will not install properly and sync to the HA Peer.

Staying in our known working config until this gets fixed...

0 Likes Likes

mikand
L6 Presenter
In response to kamish

‎01-21-2012 01:28 PM

Kamish: I do hope you filed this as a bug to the support (or are you expecting other customers to do that? :P)

0 Likes Likes
  • 2735 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks