I have configured the Pre-Logon but it's not working
(T5208) 10/26/20 14:04:11:874 Debug(9110): SSO password is empty
(T5208) 10/26/20 14:04:11:874 Debug(2462): m_preUsername pre-logon
(T5208) 10/26/20 14:04:11:874 Debug(9070): Password is empty.
(T5208) 10/26/20 14:04:11:874 Debug(2483): CheckCachedPortalForPrelogon 0, PrelogonNeedTimeout 0, RenameTimeout -1, userName pre-logon, preUsername pre-logon
(T5208) 10/26/20 14:04:11:874 Debug(5720): --Set state to Retrieving configuration...
(T5208) 10/26/20 14:04:11:874 Info ( 678): return without process!!!! socket=-1, os=14
(T5208) 10/26/20 14:04:11:874 Info (11472): getaddrinfo failed with error 11001
(T5208) 10/26/20 14:04:11:874 Debug(6719): SSO enable status is 0, user name is pre-logon, domain name is .
(T5208) 10/26/20 14:04:11:874 Debug(2176): open http session. agent is PAN GlobalProtect/5.0.5-28 (Microsoft Windows 10 Enterprise , 64-bit)
(T5208) 10/26/20 14:04:11:874 Debug( 436): winhttp SetSecureProtocol, hSession=5c39e4d0, bAllProtocol=0, gbFips=0
(T5208) 10/26/20 14:04:11:874 Debug(1649): SetProxyForHost timeout:5 AutoDetect:0 url: proxy: bypass: proxystr:
(T5208) 10/26/20 14:04:11:874 Error(3244): gethostbyname(Certificate name) failed (No such host is known.
So first and foremost, 5.0.5 is pretty old and is EoE (EoL 2/12/2021) when it comes to GP agents. 5.0.10 is the preferred release within the 5.0 release and I would highly recommend migrating to 5.1.6 or 5.2.3 since they're actually being engineered.
It kind of sounds like you could potentially be hitting GPC-8192, which you'll need to upgrade or implement the listed workaround to fix.
If you configure the GlobalProtect portal or gateway to authenticate users through Kerberos single sign-on (SSO) and the SSL handshake also requires machine certificate authentication (for example, with the pre-logon connect method), Kerberos SSO authentication fails if you import the user’s machine certificate to only the machine certificate store. Workaround: Import the machine certificate to both the machine certificate store and user certificate store.
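To check whether an endpoint already satisfies the workaround quoted above, the following PowerShell compares the machine and user certificate stores by thumbprint. It is an added example, not part of the original thread and not Palo Alto Networks code. It assumes the machine certificate sits in the Personal (`My`) store and is usable for client authentication; the page does not say which certificate the agent selects.

```powershell
# Added example: lists client-auth certificates in the machine store and
# reports whether each one is also present in the current user's store.
# Run it in the session of the affected user (CurrentUser = whoever runs it).
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-ClientAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) { return $true }   # no EKU extension: valid for all purposes
    return @($eku.EnhancedKeyUsages | ForEach-Object Value) -contains $clientAuthOid
}

# Assumed store locations (not stated on the page): the Personal store of each scope.
$machine = @(Get-ChildItem -Path 'Cert:\LocalMachine\My' |
    Where-Object { Test-ClientAuthEku -Cert $_ })
$userThumbs = @(Get-ChildItem -Path 'Cert:\CurrentUser\My' |
    ForEach-Object Thumbprint)

$report = foreach ($cert in $machine) {
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        Expired       = $cert.NotAfter -lt (Get-Date)
        HasPrivateKey = $cert.HasPrivateKey
        InUserStore   = $userThumbs -contains $cert.Thumbprint
    }
}

if (-not $report) {
    Write-Warning 'No client-authentication certificate found in Cert:\LocalMachine\My.'
} else {
    $report | Format-Table -AutoSize
    # Certificates present only in the machine store match the condition
    # described in the known issue.
    $report | Where-Object { -not $_.InUserStore } | ForEach-Object {
        Write-Warning "Only in machine store: $($_.Thumbprint) ($($_.Subject))"
    }
}
```

A row with `InUserStore` set to `False` means that certificate has not been imported into the user store, which is the situation the workaround addresses.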