Login issue with 6.0.0?

Reply
Highlighted
Not applicable

Login issue with 6.0.0?

Has anyone noticed a login issue since upgrading to 6.0.0?  It seems inconsistent, but when I log in from the outside interface, I will get the message, "Creating administrative session.  Please wait".  I will then get returned back to the login prompt.  If I VPN in and log in from the inside interface, I will see all my hung login attempts from my outside IP.  Seems like a minor issue, but it could take up management CPU resources from an unwary user.  This is on a PA-500 running 6.0.0, anyone else have the same issue?

-Johnny

Highlighted
L6 Presenter

Yes saw the same issue.But after sometime it did not happen.

Something triggers that but I don't know what.

Highlighted
L7 Applicator

Hello Johny,

I would suggest you generate a new certificate through the CLI and update the web-server certificate setting to use it and see if the issue clears?   

admin@pan.work> request certificate generate certificate-name NewWebCert name NewWebCert

admin@pan.work> configure

Entering configuration mode

[edit]

admin@pan.work# set deviceconfig system web-server-certificate NewWebCert

[edit]

admin@pan.work# commit

Thanks

Highlighted
Not applicable

HULK,

    Will this affect the operation of our current certificate?  We only use it as a GUI certificate and don't want to have to generate another CSR or get another certificate from our CA.  Thanks.

-Johnny

Highlighted
L7 Applicator

Hello,

Are you using any external certificate to access web-browser..?

Thanks

Highlighted
Not applicable

We use the GUI certificate to access the firewall externally as well as internally through the web browser.

Highlighted
L7 Applicator

Thanks for your update. The above mentioned command will not affect the operation of your current certificate.

Thanks

Highlighted
Not applicable

I am continuing to get this problem when I log in to the firewall after re-generating the certificate when I log in with the fqdn.  When I log in through the IP address it works fine.  Any ideas?

Highlighted
L7 Applicator

I log in to a PA-200 using the FQDN almost daily from a remote location and have not seen this issue. I am using a public CA (godaddy) for that certificate, and it was the same cert used when I was running 5.0.10.

A couple things you might try:

1. Check the authd.log file to see if there is anything relating to the login there:

> less mp-log authd.log {hit Shift+G to go to the bottom of the log, navigation is the same as linux 'less' or VIM}

2. Turn on authd debug and check the above log again after attempting a login

> debug authd on debug {disable it afterwards with 'debug authd on info'}

3. If the auth is successful as I suspect, you may be experiencing an issue with the PHP that the GUI web server is using. There's an article on getting a PHP debug log from the GUI, though it may be difficult if you can't get in to begin with. Still, may be worth a shot:

How to Run a PAN-OS Web UI Debug

Hope this helps!

Greg

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!