Globalprotect client failing authentication

Reply
Highlighted
Not applicable

Globalprotect client failing authentication

We have had several instances where our end users are not able to connect with the globalprotect client since upgrading to PANOS 4.1.  When I check the system log file I see the following errors

2012/01/18 09:45:03info     globalp portal globalp 0  GlobalProtect portal user authentication failed. Login from: 208.54.35.242, User name: USER, Reason: Authentication failed: Invalid username or password .

2012/01/18 09:45:03info     general        auth-fa 0  User 'USER' failed authentication.  Reason: User is in locked users list From: 208.54.35.242.

2012/01/18 09:45:02info     globalp portal globalp 0  GlobalProtect portal user authentication failed. Login from: 208.54.35.242, User name: USER, Reason: Authentication failed: Invalid username or password .

2012/01/18 09:45:02info     general        auth-fa 0  User 'USER' failed authentication.  Reason: User is in locked users list From: 208.54.35.242.

If I force an IP address change on the end user's PC then I can connect.  I've tried looking for a lock file for specific IP addresses but have not been successful in finding anything of the sort.  Can someone please point me in the right direction?

We are running Panos v 4.1.0 and globalprotect client 1.1.1.  We use Radius on windows 2008 server and pan agent to authenticate.

Thanks in advance,

James

Highlighted
Not applicable

Re: Globalprotect client failing authentication

Looks like some of these erros may be due to password change notices.  I will run some tests.

Highlighted
L3 Networker

Re: Globalprotect client failing authentication

You are not the only one having this issue.

We have a couple PA-500s in our environment and upon upgrading to 4.1.2 from 4.0.5 Apps-and-Threats 288-1251 would fail to install and sync to the HA Peer.  We also upgraded our GlobalProtect Client to version 1.1.1 from 1.0.5 and GlobalProtect stopped working externally.  It would get hung up on "Connecting" and fail to connect.  Upon testing, we reverted to our previously installed versions of GlobalProtect and Software and GlobalProtect then works.  However, the "panupv2-all-contents-288-1251.tgz" still will not install properly and sync to the HA Peer.

Staying in our known working config until this gets fixed...

Highlighted
L6 Presenter

Re: Globalprotect client failing authentication

Kamish: I do hope you filed this as a bug to the support (or are you expecting other customers to do that? :P)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!