Globalprotect client failing authentication

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Globalprotect client failing authentication

Not applicable

We have had several instances where our end users are not able to connect with the globalprotect client since upgrading to PANOS 4.1.  When I check the system log file I see the following errors

2012/01/18 09:45:03info     globalp portal globalp 0  GlobalProtect portal user authentication failed. Login from: 208.54.35.242, User name: USER, Reason: Authentication failed: Invalid username or password .

2012/01/18 09:45:03info     general        auth-fa 0  User 'USER' failed authentication.  Reason: User is in locked users list From: 208.54.35.242.

2012/01/18 09:45:02info     globalp portal globalp 0  GlobalProtect portal user authentication failed. Login from: 208.54.35.242, User name: USER, Reason: Authentication failed: Invalid username or password .

2012/01/18 09:45:02info     general        auth-fa 0  User 'USER' failed authentication.  Reason: User is in locked users list From: 208.54.35.242.

If I force an IP address change on the end user's PC then I can connect.  I've tried looking for a lock file for specific IP addresses but have not been successful in finding anything of the sort.  Can someone please point me in the right direction?

We are running Panos v 4.1.0 and globalprotect client 1.1.1.  We use Radius on windows 2008 server and pan agent to authenticate.

Thanks in advance,

James

3 REPLIES 3

Not applicable

Looks like some of these erros may be due to password change notices.  I will run some tests.

You are not the only one having this issue.

We have a couple PA-500s in our environment and upon upgrading to 4.1.2 from 4.0.5 Apps-and-Threats 288-1251 would fail to install and sync to the HA Peer.  We also upgraded our GlobalProtect Client to version 1.1.1 from 1.0.5 and GlobalProtect stopped working externally.  It would get hung up on "Connecting" and fail to connect.  Upon testing, we reverted to our previously installed versions of GlobalProtect and Software and GlobalProtect then works.  However, the "panupv2-all-contents-288-1251.tgz" still will not install properly and sync to the HA Peer.

Staying in our known working config until this gets fixed...

Kamish: I do hope you filed this as a bug to the support (or are you expecting other customers to do that? :P)

  • 2749 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!