GlobalProtect stops to connect

Reply
Highlighted
Cyber Elite

I just wanted to mention this ... with a TAC case you have the possibility to escalate it by your SE ... if the community stops helping, then ...

Highlighted
Cyber Elite

@Alex_Samad

As there are no specific configurations for specific clients, this sounds more like a client issue. So did you already search for differences on these clients (working/not working)? (Different OS versions, different installed updates, diffetent local software,...)

Or did you compare the global protect client logs from a working withva not working client to find out if there are big differences or to find out more about the actual problem?

Highlighted
L4 Transporter

tried to. the feedback from support is that the client doesn't have access to the root ca.

 

Strange because if I point IE to the portal it works and certifies it.

 

I might try and run reg mon or file mon on the GP process and see what is happening

Highlighted
L1 Bithead

Yes I have root cert same as for portal.


I tried to remove all certificates and resttarting. My cert automatically added as root cert.

It is "Go Daddy Class 2 Certificate Authority" SHA1RSA algorithm expired in 34th year 

Tried the same in my virtual (VirtualBox from Oracle) host, and again virtual host works, my host don't work

Any more ideas?

 

Here pcap screen short for my portal firstly I tried to connect using globalprotect and second time with browser

 pcap_screen.png

Thanks

Highlighted
Cyber Elite

@Udineverisch

Without more details about the logs and the configuration of the portal and the gateway it slowly gets difficult to suggest ways to solve the problem.

If the portal/gateway has the same configuration for every client and does not manually block your computer, it has to be an issue on your computer, specially because your virtual box still works.

Is there any difference on these 2? Special software, windows updates, ...?

Highlighted
L1 Bithead


@vsys_remo wrote:

@Udineverisch

Without more details about the logs and the configuration of the portal and the gateway it slowly gets difficult to suggest ways to solve the problem.

If the portal/gateway has the same configuration for every client and does not manually block your computer, it has to be an issue on your computer, specially because your virtual box still works.

Is there any difference on these 2? Special software, windows updates, ...?


No any special. Just usual actions.

I don't know what problem was. 
I reinstalled Win10 and it solve problem. 
Anyway thank you for your accistance.


Highlighted
L4 Transporter

Thought I would add by findings. so after lots of wireshark captures and talking with support.

 

we isolated my problem down to me wanting a client cert, signed by a specific CA.

 

on my laptop that wasn't working, deleting and re installing the cert seemed to make it work.

 

My cert is being stored in the machine store, not a user store.

 

and the cert was working before for openvpn and mmc said it was okay.

 

So I hope that helps somebody. off to test on my other machines

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!