- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-08-2020 09:23 AM - edited 11-08-2020 09:23 AM
Hi Team,
I have configure the Pre-Logon but it's not working
(T5208) 10/26/20 14:04:11:874 Debug(9110): SSO password is empty
(T5208) 10/26/20 14:04:11:874 Debug(2462): m_preUsername pre-logon
(T5208) 10/26/20 14:04:11:874 Debug(9070): Password is empty.
(T5208) 10/26/20 14:04:11:874 Debug(2483): CheckCachedPortalForPrelogon 0, PrelogonNeedTimeout 0, RenameTimeout -1, userName pre-logon, preUsername pre-logon
(T5208) 10/26/20 14:04:11:874 Debug(5720): --Set state to Retrieving configuration...
(T5208) 10/26/20 14:04:11:874 Info ( 678): return without process!!!! socket=-1, os=14
(T5208) 10/26/20 14:04:11:874 Info (11472): getaddrinfo failed with error 11001
(T5208) 10/26/20 14:04:11:874 Debug(6719): SSO enable status is 0, user name is pre-logon, domain name is .
(T5208) 10/26/20 14:04:11:874 Debug(2176): open http session. agent is PAN GlobalProtect/5.0.5-28 (Microsoft Windows 10 Enterprise , 64-bit)
(T5208) 10/26/20 14:04:11:874 Debug( 436): winhttp SetSecureProtocol, hSession=5c39e4d0, bAllProtocol=0, gbFips=0
(T5208) 10/26/20 14:04:11:874 Debug(1649): SetProxyForHost timeout:5 AutoDetect:0 url: proxy: bypass: proxystr:
(T5208) 10/26/20 14:04:11:874 Error(3244): gethostbyname(Certificate name) failed (No such host is known.
Please suggest
11-09-2020 07:01 PM
So first and foremost, 5.0.5 is pretty old and is EoE (EoL 2/12/2021) when it comes to GP agents. 5.0.10 is the preferred release within the 5.0 release and I would highly recommend migrating to 5.1.6 or 5.2.3 since they're actually being engineered.
It kind of sounds like you could potentially be hitting GPC-8192, which you'll need to upgrade or implement the listed work around to fix.
If you configure the GlobalProtect portal or gateway to authenticate users through
Kerberos single sign-on (SSO) and the SSL handshake also requires machine
certificate authentication (for example, with the pre-logon connect method),
Kerberos SSO authentication fails if you import the user’s machine certificate to
only the machine certificate store.
Workaround: Import the machine certificate to both the machine certificate store
and user certificate store.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!