Login issue with 6.0.0?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Login issue with 6.0.0?

Not applicable

Has anyone noticed a login issue since upgrading to 6.0.0?  It seems inconsistent, but when I log in from the outside interface, I will get the message, "Creating administrative session.  Please wait".  I will then get returned back to the login prompt.  If I VPN in and log in from the inside interface, I will see all my hung login attempts from my outside IP.  Seems like a minor issue, but it could take up management CPU resources from an unwary user.  This is on a PA-500 running 6.0.0, anyone else have the same issue?

-Johnny

8 REPLIES 8

L6 Presenter

Yes saw the same issue.But after sometime it did not happen.

Something triggers that but I don't know what.

L7 Applicator

Hello Johny,

I would suggest you generate a new certificate through the CLI and update the web-server certificate setting to use it and see if the issue clears?   

admin@pan.work> request certificate generate certificate-name NewWebCert name NewWebCert

admin@pan.work> configure

Entering configuration mode

[edit]

admin@pan.work# set deviceconfig system web-server-certificate NewWebCert

[edit]

admin@pan.work# commit

Thanks

HULK,

    Will this affect the operation of our current certificate?  We only use it as a GUI certificate and don't want to have to generate another CSR or get another certificate from our CA.  Thanks.

-Johnny

Hello,

Are you using any external certificate to access web-browser..?

Thanks

We use the GUI certificate to access the firewall externally as well as internally through the web browser.

Thanks for your update. The above mentioned command will not affect the operation of your current certificate.

Thanks

I am continuing to get this problem when I log in to the firewall after re-generating the certificate when I log in with the fqdn.  When I log in through the IP address it works fine.  Any ideas?

I log in to a PA-200 using the FQDN almost daily from a remote location and have not seen this issue. I am using a public CA (godaddy) for that certificate, and it was the same cert used when I was running 5.0.10.

A couple things you might try:

1. Check the authd.log file to see if there is anything relating to the login there:

> less mp-log authd.log {hit Shift+G to go to the bottom of the log, navigation is the same as linux 'less' or VIM}

2. Turn on authd debug and check the above log again after attempting a login

> debug authd on debug {disable it afterwards with 'debug authd on info'}

3. If the auth is successful as I suspect, you may be experiencing an issue with the PHP that the GUI web server is using. There's an article on getting a PHP debug log from the GUI, though it may be difficult if you can't get in to begin with. Still, may be worth a shot:

How to Run a PAN-OS Web UI Debug

Hope this helps!

Greg

  • 3855 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!