This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Have to reboot globalprotect client to connect.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Have to reboot globalprotect client to connect.

fmurray
L1 Bithead

‎01-12-2017 03:26 PM

WE have a problem with globalprotect-  The users sometimes need to disable the globalprotect client in order to connect to another VPN.  Later when the globalprotect client is re-enabled, any attempt to authenticate immediately returns a username/password invalid error.  If the user reboots the computer, the globalprotect client works first try.

 

Some users have the same problem if their computer goes into sllep mode-  after waqking the computer up, the authentication fails until the computer is restarted.  After that it works fine.

 

Any ideas?

 

Here's log before reboot:

 

2017-01-12 14:26:23.046 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1540): Receive request: msg type PAN_AUTH_REQ_REMOTE_INIT_AUTH, conv id 79, body length 2156
2017-01-12 14:26:23.046 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1563): Trying to authenticate: <profile: "Remote_ail(pan_auth_util.c:921): "fmurray" is a non-admin user with auth profile "Remote_Acess_Sequence" and vsys "vsys1"
2017-01-12 14:26:23.046 -0800 debug: _get_authseq_profile(pan_auth_util.c:809): Auth profile/vsys (Remote_Acess_Sequence/vsys1) is auth sequence
2017-01-12 14:26:23.046 -0800 debug: _populate_authseq_auth_vec_n_vsys_vec(pan_auth_util.c:756): auth sequence "Remote_Acess_Sequence"
enabled flag: use-domain-find-profile2017-01-12 14:26:23.046 -0800 debug: _has_domain_in_request(pan_auth_util.c:692): Extracted domain info "coanaheim" from user name "fmurray"
2017-01-12 14:26:23.046 -0800 debug: _get_auth_prof_id_in_seq_by_domain(pan_auth_util.c:726): Extracted domain info "coanaheim" from user input = user domain of profile/vsys: "RemoteAccess-LDAP/vsys1" in auth sequence
2017-01-12 14:26:23.046 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1616): Using auth seq, saving original username fmurray from request
2017-01-12 14:26:23.047 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:260): This is a single vsys platform, group check for allow list is performed on "vsys1"
2017-01-12 14:26:23.047 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:263): user "fmurray" is a member of group "cn=domain users,cn=users,dc=anaheim,dc=intranet" on single vsys
2017-01-12 14:26:23.047 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:271): user "fmurray" is in allow list of auth prof/vsys "RemoteAccess-LDAP/vsys1"
2017-01-12 14:26:23.047 -0800 debug: pan_allowlist_request_process(pan_auth_allow_lock.c:87): user "fmurray" is a member of "cn=domain users,cn=users,dc=anaheim,dc=intranet" in allow list of auth prof "RemoteAccess-LDAP"
2017-01-12 14:26:23.047 -0800 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1068): Authenticating user "fmurray" with <profile: "RemoteAccess-LDAP", vsys: "vsys1">, which is Auth Profile 1 of 2 in <sequence "Remote_Acess_Sequence", vsys "vsys1">
2017-01-12 14:26:23.047 -0800 debug: pan_auth_service_get_svr_ids(pan_auth_service.c:630): find auth server id vector for RemoteAccess-LDAP-vsys1
2017-01-12 14:26:23.047 -0800 debug: _get_AD_maxPwdAge(pan_authd_shared_ldap.c:658): getting maxPwdAge attr from AD with LDAD pointer = 0x9843eb0...
2017-01-12 14:26:23.048 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry DC=anaheim,DC=intranet
2017-01-12 14:26:23.048 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: maxPwdAge
2017-01-12 14:26:23.048 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:330): AD : Got value maxPwdAge : 77760000000000
2017-01-12 14:26:23.048 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:965): searching basedn "DC=anaheim,DC=intranet
" for filter "(sAMAccountName=fmurray)", attrs "framedIPAddress", LDAPp=0x9843eb0
2017-01-12 14:26:23.048 -0800 Error:  _send_async_ldap_search(pan_authd_shared_ldap.c:629): Failed to search. filter (sAMAccountName=fmurray), attr[0] framedIPAddress. error code: -7, (Bad search filter)
2017-01-12 14:26:23.048 -0800 Error:  pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:971): send userdn search request
2017-01-12 14:26:23.048 -0800 Error:  _start_sync_auth(pan_auth_service_handle.c:578): sync request for user "fmurray" is fai
led or possibly timed out against 172.20.1.36:389 with 0th VOIDp=0x9843eb0
2017-01-12 14:26:23.048 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2337): auth status: auth state unknown
2017-01-12 14:26:23.048 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2470): Auth sequence, start to try next auth profile: <profile: "PD_RemoteAccess-LDAP", vsys: "vsys1"> for user "fmurray"
2017-01-12 14:26:23.048 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1540): Receive request: msg type PAN_AUTH_REQ_REMOTE_INIT_AUTH, conv id 79, body length 2156
2017-01-12 14:26:23.048 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1556): Using auth sequence, copying original username fmurray into request
2017-01-12 14:26:23.048 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1563): Trying to authenticate: <profile: "Remote_Acess_Sequence", vsys: "vsys1", username "fmurray">
2017-01-12 14:26:23.048 -0800 debug: _get_auth_prof_detail(pan_auth_util.c:921): "fmurray" is a non-admin user with auth profile "Remote_Acess_Sequence" and vsys "vsys1"
2017-01-12 14:26:23.049 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:260): This is a single vsys platform, group check for allow list is performed on "vsys1"
2017-01-12 14:26:23.049 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:263): user "fmurray" is a member of group "cn=domain users,cn=users,dc=anaheim,dc=intranet" on single vsys
2017-01-12 14:26:23.049 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:271): user "fmurray" is in allow list of auth prof/vsys "PD_RemoteAccess-LDAP/vsys1"
2017-01-12 14:26:23.049 -0800 debug: pan_allowlist_request_process(pan_auth_allow_lock.c:87): user "fmurray" is a member of "cn=domain users,cn=users,dc=anaheim,dc=intranet" in allow list of auth prof "PD_RemoteAccess-LDAP"
2017-01-12 14:26:23.049 -0800 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1068): Authenticating user "fmurray" with <profile: "PD_RemoteAccess-LDAP", vsys: "vsys1">, which is Auth Profile 2 of 2 in <sequence "Remote_Acess_Sequence"
, vsys "vsys1">
2017-01-12 14:26:23.049 -0800 debug: pan_auth_service_get_svr_ids(pan_auth_service.c:630): find auth server id vector for PD_RemoteAccess-LDAP-vsys1
2017-01-12 14:26:23.049 -0800 debug: _get_AD_maxPwdAge(pan_authd_shared_ldap.c:658): getting maxPwdAge attr from AD with LDAD pointer = 0xeeb04248...
2017-01-12 14:26:23.051 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry DC=pd,DC=anaheim,DC=intranet
2017-01-12 14:26:23.051 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: maxPwdAge
2017-01-12 14:26:23.051 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:330): AD : Got value maxPwdAge : 77760000000000
2017-01-12 14:26:23.051 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:965): searching basedn "DC=pd,DC=anaheim,DC=intranet" for filter "(sAMAccountName=fmurray)", attrs "framedIPAddress", LDAPp=0xeeb04248
2017-01-12 14:26:23.051 -0800 Error:  _send_async_ldap_search(pan_authd_shared_ldap.c:629): Failed to search. filter (sAMAccountName=fmurray), attr[0] framedIPAddress. error code: -7, (Bad search filter)
2017-01-12 14:26:23.051 -0800 Error:  pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:971): send userdn search request
2017-01-12 14:26:23.051 -0800 Error:  _start_sync_auth(pan_auth_service_handle.c:578): sync request for user "fmurray" is failed or possibly timed out against 10.2.32.121:389 with 0th VOIDp=0xeeb04248
2017-01-12 14:26:23.051 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2337): auth status: auth state unknown
2017-01-12 14:26:23.051 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2479): Auth sequence, all auth profiles tried and failed: <sequence profile: "Remote_Acess_Sequence", vsys: "vsys1"> for user "fmurray"
2017-01-12 14:26:23.051 -0800 failed authentication for user 'fmurray'.  Reason: Invalid username/password auth profile 'Remote_Acess_Sequence', vsys 'vsys1', server profile 'PD_SSL_VPN_PRIFILE', server address '10.2.32.121', From: 70.197.73.40.
2017-01-12 14:26:23.051 -0800 debug: _log_auth_respone(pan_auth_server.c:240): Sent FAILED auth response for user 'fmurray' (exp_in_days=-1 (-1 never; 0 within a day))

 

 

 

 


Here's the log after reboot:

 

 

2017-01-12 14:30:03.532 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1540): Receive request: msg type PAN_AUTH_REQ_REMOTE_INIT_AUTH, conv id 80, body length 2156
2017-01-12 14:30:03.532 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1563): Trying to authenticate: <profile: "Remote_Acess_Sequence", vsys: "vsys1", username "fmurray">
2017-01-12 14:30:03.532 -0800 debug: _get_auth_prof_detail(pan_auth_util.c:921): "fmurray" is a non-admin user with auth profile "Remote_Acess_Sequence" and vsys "vsys1"
2017-01-12 14:30:03.532 -0800 debug: _get_authseq_profile(pan_auth_util.c:809): Auth profile/vsys (Remote_Acess_Sequence/vsys1) is auth sequence
2017-01-12 14:30:03.532 -0800 debug: _populate_authseq_auth_vec_n_vsys_vec(pan_auth_util.c:756): auth sequence "Remote_Acess_Sequence" enabled flag: use-domain-find-profile2017-01-12 14:30:03.532 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1616): Usingving original username fmurray from request
2017-01-12 14:30:03.533 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:260): This is a single vsys platform, group check for allow list is performed on "vsys1"
2017-01-12 14:30:03.533 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:263): user "fmurray" is a member of group "cn=domain users,cn=users,dc=anaheim,dc=intranet" on single vsys
2017-01-12 14:30:03.533 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:271): user "fmurray" is in allow list of auth prof/vsys "RemoteAccess-LDAP/vsys1"
2017-01-12 14:30:03.533 -0800 debug: pan_allowlist_request_process(pan_auth_allow_lock.c:87): user "fmurray" is a member of "cn=domain users,cn=users,dc=anaheim,dc=intranet" in allow list of auth prof "RemoteAccess-LDAP"
2017-01-12 14:30:03.533 -0800 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1068): Authenticating user "fmurray" with <profile: "RemoteAccess-LDAP", vsys: "vsys1">, which is Auth Profile 1 of 2 in <sequence "Remote_Acess_Sequence", vsys "vsys1">
2017-01-12 14:30:03.533 -0800 debug: pan_auth_service_get_svr_ids(pan_auth_service.c:630): find auth server id vector for RemoteAccess-LDAP-vsys1
2017-01-12 14:30:03.533 -0800 debug: _get_AD_maxPwdAge(pan_authd_shared_ldap.c:658): getting maxPwdAge attr from AD with LDAD pointer = 0x9843eb0...
2017-01-12 14:30:03.534 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry DC=anaheim,DC=intranet
2017-01-12 14:30:03.534 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: maxPwdAge
2017-01-12 14:30:03.534 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:330): AD : Got value maxPwdAge : 77760000000000
2017-01-12 14:30:03.534 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:965): searching basedn "DC=anaheim,DC=intranet" for filter "(sAMAccountName=fmurray)", attrs "framedIPAddress", LDAPp=0x9843eb0
2017-01-12 14:30:03.535 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: cn
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: userAccountControl
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:337): AD : Got value userAccountControl : 512
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: pwdLastSet
2017-01-12 14:30:03.535 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:320): AD : Got value pwdLastSet : 131226705754141950
2017-01-12 14:30:03.535 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1029): Received user DN: "CN=Frank Murray,OU=Nor,DC=anaheim,DC=intranet"
2017-01-12 14:30:03.535 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1052): DN sent to LDAP server: CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet
2017-01-12 14:30:03.537 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1077): User "fmurray" is ACCEPTED (msgid = 10, LDAPp=0x9843eb0)
2017-01-12 14:30:03.537 -0800 debug: _get_AD_passwd_exp_in_days(pan_authd_shared_ldap.c:79): userAccountControl = 512 (not never expire)
2017-01-12 14:30:03.537 -0800 pwdlastset: 13122670575
2017-01-12 14:30:03.537 -0800 debug: _get_AD_passwd_exp_in_days(pan_authd_shared_ldap.c:139): AD pwd expires in days 20
2017-01-12 14:30:03.537 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1086): Got user expire-in-days: -1 (-1 means no expiration), passwd_exp in auth profile: 7
2017-01-12 14:30:03.537 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1131): binding back to PaloAltoServices@anaheim.intranet
2017-01-12 14:30:03.537 -0800 debug: pan_authd_ldap_bind(pan_authd_shared_ldap.c:569): binding with binddn PaloAltoServices@anaheim.intranet
2017-01-12 14:30:03.539 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2337): auth status: auth success
2017-01-12 14:30:03.539 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2397): Authentication success: <profile: "RemoteAccess-LDAP", vsys: "vsys1", username "fmurray">
2017-01-12 14:30:03.540 -0800 authenticated for user 'fmurray'.   auth profile 'Remote_Acess_Sequence', vsys 'vsys1', server profile 'SSL_VPN_PROFILE', server address '172.20.1.36', From: 70.197.73.40.
2017-01-12 14:30:03.541 -0800 debug: _log_auth_respone(pan_auth_server.c:240): Sent SUCCESS auth response for user 'fmurray' (exp_in_days=-1 (-1 never; 0 within a day)) (return domain 'coanaheim')
2017-01-12 14:30:04.005 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1540): Receive request: msg type PAN_AUTH_REQ_REMOTE_INIT_AUTH, conv id 81, body length 2156
2017-01-12 14:30:04.005 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1563): Trying to authenticate: <profile: "Remote_Acess_Sequence", vsys: "vsys1", username "fmurray">
2017-01-12 14:30:04.005 -0800 debug: _get_auth_prof_detail(pan_auth_util.c:921): "fmurray" is a non-admin user with auth profile "Remote_Acess_Sequence" and vsys "vsys1"
2017-01-12 14:30:04.005 -0800 debug: _get_authseq_profile(pan_auth_util.c:809): Auth profile/vsys (Remote_Acess_Sequence/vsys1) is auth sequence
2017-01-12 14:30:04.005 -0800 debug: _populate_authseq_auth_vec_n_vsys_vec(pan_auth_util.c:756): auth sequence "Remote_Acess_Sequence" enabled flag: use-domain-find-profile2017-01-12 14:30:04.005 -0800 debug: pan_auth_request_process(pan_auth_state_engine.c:1616): Using auth seq, saving original username fmurray from request
2017-01-12 14:30:04.005 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:260): This is a single vsys platfo
rm, group check for allow list is performed on "vsys1"
2017-01-12 14:30:04.005 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:263): user "fmurray" is a member o
f group "cn=domain users,cn=users,dc=anaheim,dc=intranet" on single vsys
2017-01-12 14:30:04.005 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:271): user "fmurray" is in allow l
ist of auth prof/vsys "RemoteAccess-LDAP/vsys1"
2017-01-12 14:30:04.005 -0800 debug: pan_allowlist_request_process(pan_auth_allow_lock.c:87): user "fmurray" is a member of "cn=domain
users,cn=users,dc=anaheim,dc=intranet" in allow list of auth prof "RemoteAccess-LDAP"
2017-01-12 14:30:04.006 -0800 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1068): Authenticating user "fmur
ray" with <profile: "RemoteAccess-LDAP", vsys: "vsys1">, which is Auth Profile 1 of 2 in <sequence "Remote_Acess_Sequence", vsys "vsys1
">
2017-01-12 14:30:04.006 -0800 debug: pan_auth_service_get_svr_ids(pan_auth_service.c:630): find auth server id vector for RemoteAccess-
LDAP-vsys1
2017-01-12 14:30:04.006 -0800 debug: _get_AD_maxPwdAge(pan_authd_shared_ldap.c:658): getting maxPwdAge attr from AD with LDAD pointer =
 0x9843eb0...
2017-01-12 14:30:04.007 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry DC=anaheim,DC=intranet
2017-01-12 14:30:04.007 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: maxPwdAge
2017-01-12 14:30:04.007 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:330): AD : Got value maxPwdAge : 77760000000000
2017-01-12 14:30:04.007 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:965): searching basedn "DC=anaheim,DC=intranet
" for filter "(sAMAccountName=fmurray)", attrs "framedIPAddress", LDAPp=0x9843eb0
2017-01-12 14:30:04.008 -0800 debug: _parse_ldap_search_result(pan_authd_shared_ldap.c:386): DN in entry CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: cn
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: userAccountControl
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:337): AD : Got value userAccountControl : 512
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:294): found LDAP attribute: pwdLastSet
2017-01-12 14:30:04.008 -0800 debug: _process_user_info(pan_authd_shared_ldap.c:320): AD : Got value pwdLastSet : 131226705754141950
2017-01-12 14:30:04.008 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1029): Received user DN: "CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet"
2017-01-12 14:30:04.008 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1052): DN sent to LDAP server: CN=Frank Murray,OU=Network Team,OU=HP,OU=Contractor,DC=anaheim,DC=intranet
2017-01-12 14:30:04.010 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1077): User "fmurray" is ACCEPTED (msgid = 14, LDAPp=0x9843eb0)
2017-01-12 14:30:04.010 -0800 debug: _get_AD_passwd_exp_in_days(pan_authd_shared_ldap.c:79): userAccountControl = 512 (not never expire)
2017-01-12 14:30:04.010 -0800 pwdlastset: 13122670575
2017-01-12 14:30:04.010 -0800 debug: _get_AD_passwd_exp_in_days(pan_authd_shared_ldap.c:139): AD pwd expires in days 20
2017-01-12 14:30:04.010 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1086): Got user expire-in-days: -1 (-1 means no expiration), passwd_exp in auth profile: 7
2017-01-12 14:30:04.010 -0800 debug: pan_authd_ldap_authenticate(pan_authd_shared_ldap.c:1131): binding back to PaloAltoServices@anaheim.intranet
2017-01-12 14:30:04.010 -0800 debug: pan_authd_ldap_bind(pan_authd_shared_ldap.c:569): binding with binddn PaloAltoServices@anaheim.intranet
2017-01-12 14:30:04.011 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2337): auth status: auth success
2017-01-12 14:30:04.011 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:2397): Authentication success: <profile: "Remote
Access-LDAP", vsys: "vsys1", username "fmurray">
2017-01-12 14:30:04.011 -0800 authenticated for user 'fmurray'.   auth profile 'Remote_Acess_Sequence', vsys 'vsys1', server profile 'SSL_VPN_PROFILE', server address '172.20.1.36', From: 70.197.73.40.
2017-01-12 14:30:04.011 -0800 debug: _log_auth_respone(pan_auth_server.c:240): Sent SUCCESS auth response for user 'fmurray' (exp_in_days=-1 (-1 never; 0 within a day)) (return domain 'coanaheim')
2017-01-12 14:30:04.036 -0800 debug: authd_sysd_localprofile_callback(pan_auth_sysd.c:706): localprofile sync triggered via sysd
2017-01-12 14:30:04.036 -0800 debug: authd_sysd_localprofile_callback(pan_auth_sysd.c:726): get local info for vsys1/Remote_Acess_Sequence
2017-01-12 14:30:04.036 -0800 Error:  pan_authd_profile_is_local(pan_auth_util.c:1115): get auth profile setting for profile Remote_Ace
ss_Sequence

 

0 Likes Likes
5 REPLIES 5

pulukas
L7 Applicator

‎01-22-2017 03:08 PM

You might be able to recover by stopping and starting RPC Services on the workstation short of a reboot.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

sjhwilkes
L1 Bithead
In response to pulukas

‎01-25-2017 03:57 PM

Yes I have this issue and a restart of PanGPS service is enough.  I still need to figure out a better solution though.  Trying different builds of GP right now.  7.1.5 I couldn't make work at all.  7.1.0 works with this issue.  Need to find time to try the versions in between.

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to sjhwilkes

‎01-26-2017 06:15 AM

Have you tried running the 3.1.x globalprotect client or are you still running the 3.0.x? 

0 Likes Likes

sjhwilkes
L1 Bithead
In response to BPry

‎01-26-2017 01:11 PM

Our probelm is with 3.1.5 and 3.1.0, 3.1.3 works OK.  

I think it's a bug with the way 'Allow User to Continue with Invalid Portal Server Certificate' is handled.  

I'm currently testing on a temporary IP/Domain name so my cert isn't right.  

OtakarKlier
Cyber Elite
Cyber Elite
In response to sjhwilkes

‎01-27-2017 06:32 AM

Hello,

I have a similar issue with the 3.1.5 client. Once I went back to the 3.1.3 everything was good again. Looks like a bug to me.

 

Regards,

0 Likes Likes
  • 6611 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks