Globalprotect dissonnection issues

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Globalprotect dissonnection issues

L4 Transporter

I have a couple of users who say that when on the GP VPN client it disconnects them multiple times and I have not been able to reproduce their issues.

The only thing I have found so far is this in the system logs "globalprotect gateway user login failed. error existing user session found"

 

collected logs on the client and nothing really stands out. any ideas would be appreciated

43 REPLIES 43

L7 Applicator

@jdprovine, Hi.

 

the error log you are seeing is normal when a user is disconnected but does not manually disconnect.....

 

are they just losing comms or does the GP client actually display the red "X".

 

if you are getting the "X" then this will be detailed in the GP client logs...

 

what version of GP and PAN OS...

 

 

 

L7 Applicator

Also... are they able to reconnect immediately....

@Mick_Ball

 

Version of GP is 4.0 Pan OS is 7.1.13

Not sure about the red X - GP client logs on the client itself or on the firewall

when you say not sure about the red X, do you mean you don't know what I'm talking about or you haven't asked the users...

 

its not actually a red cross, it's a white cross in a red circle... (system tray icon)

 

perhaps it would be easier to say "how do they know that they have been disconnected".

 

yes client logs... 

 

 

just going for a smoke... but also...

 

what is auth method.

is connection on demand or always on

any cert auth involved

is this wifi or mobile data

 

laters.....

@Mick_Ball

 

He says that it say disconnected but didn't look for the red x, the connection is on-demand, we do have a cert involved, not mobile its a desktop, don't think it is wifi

 

 

image.pngimage.png

@Mick_Ball

 

He does not reconnect, he ends up choosing to connect again through the client

"He does not reconnect, he ends up choosing to connect again through the client"

 

what i meant was.... was he able manually connect immediately or did it take a few attempts....

 

can we assume he is using the same portal/gateway address as other users without the issue....

 

are the users with the same issue all connecting from the same site..

 

probably teaching you to suck eggs but worth asking....

 

also... on your version of 7 do you have the option in the GP portal app for "restoration of VPN connection timeout"

I'm not sure when this was introduced...

 

if the "disconnected" pop up is visible then this will be recorded in the pangps.log from client.

 

 

@Mick_Ball

 

He was not able to immediately connect manually it took a few attempts

Yes he is using the same portal/gateway that I am, and I am having no issues. In fact I have my spare laptop on comcast connecting through the VPN and having no issues. It has been online for about 2 hours. No the two users that are having issues are connecting from home and they don't even live in the same town. 

I checked the portal/app tab and automatic restoration of VPN connection restore attempts (sec) is set to 30

 

Is this on the firewall pangps.log ? Or does it need to be collected through the client

 

@Mick_Ball

 

These are the logs he collected using the client trouble shooting logs PANGP-service, I read this as the client couldn't find or get to the portal to connect

 

(T8840) 02/16/18 04:07:21:375 Error(3259): UnsetRoutesV6: No route installed before

(T8840) 02/16/18 04:08:21:678 Error( 870): Server Error: Connect to portalIP:443 Failed
(T8840) 02/16/18 04:08:21:678 Error( 696): do_tcp_connect() failed
(T8840) 02/16/18 04:08:21:678 Error(3611): ConnectSSL: Failed to connect to 'portalIP:443'
(T8840) 02/16/18 04:08:21:678 Error(3642): ConnectSSL(FALSE) failed
(T8840) 02/16/18 04:08:21:678 Error(2130): Disconnect: Logout() failed
(T4400) 02/16/18 04:09:10:046 Error(1128): Failed to X509_LOOKUP_load_file
(T4400) 02/16/18 04:09:10:616 Error(2170): failed to retrieve client certificate passphrase. return false.
(T4400) 02/16/18 04:09:10:616 Error(5131): Failed to export client cert.
(T9784) 02/16/18 04:09:10:627 Error(9092): GetClientIpForGateway(): invalid remote host: .
(T9784) 02/16/18 04:09:10:627 Error( 178): CPanGatewayList::SelectInternalGateways() - failed to retrieve client source ipv6!
(T9784) 02/16/18 04:09:10:707 Error(1128): Failed to X509_LOOKUP_load_file
(T9784) 02/16/18 04:09:21:197 Error(1128): Failed to X509_LOOKUP_load_file
(T10404) 02/16/18 04:09:23:693 Error(1152): CheckDriverData() failed
00000000: 01 80 c2 00 00 0e 02 50 41 00 00 01 88 cc 02 07
00000010: 04 02 50 41 00 00 01 04 07 03 02 50 41 00 00 01
00000020: 06 02 0e 11 fe 09 00 12 0f 01 03 00 01 00 00 fe
00000030: 07 00 12 bb 01 00 01 01 00 00 ........ ..
(T10404) 02/16/18 04:09:24:693 Error(1152): CheckDriverData() failed
00000000: 01 80 c2 00 00 0e 02 50 41 00 00 01 88 cc 02 07
00000010: 04 02 50 41 00 00 01 04 07 03 02 50 41 00 00 01
00000020: 06 02 0e 11 fe 09 00 12 0f 01 03 00 01 00 00 fe
00000030: 07 00 12 bb 01 00 01 01 00 00 ........ ..
(T10404) 02/16/18 04:09:25:694 Error(1152): CheckDriverData() failed
00000000: 01 80 c2 00 00 0e 02 50 41 00 00 01 88 cc 02 07
00000010: 04 02 50 41 00 00 01 04 07 03 02 50 41 00 00 01
00000020: 06 02 0e 11 fe 09 00 12 0f 01 03 00 01 00 00 fe
00000030: 07 00 12 bb 01 00 01 01 00 00 ........ ..
(T5660) 02/16/18 04:11:22:240 Error(3259): UnsetRoutesV6: No route installed b

sorry, yes from the GP client on the PC.

 

it may be of some help to ask them to monitor connects/disconnect times on a particular day and send you the details and logs.

this would save trawling through all the spurious messages that those logs collect....

 

the first thing i do when a users connection attempt fails is to open thier browser and https to the portal.

 

if they get a "page cannot be displayed" then GP has no chance...

 

going on your info thus far I'm heading towards crappy home network/adsl etc....  

 

ok just seen that you have posted again.... will take a look....

 

@jdprovine,

From the last logs it looks like he can't actually connect to the portal, which would be a pretty big issue. I'd have to look at my logs to verify, but I don't think it should show as 'portallIP:433' in the logs, it should show the actual IP/hostname it's trying to connect to. 

@BPry

 

I took the IP out for security reasons, it is the correct IP address and he is failing to connect to it. So is that a failure on the users side or the PA's side

@jdprovine,

Generally it would be on the user side, not the PA. Can the user access the Portal directly through a browser when he is experiancing issues? 

  • 14479 Views
  • 43 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!