Pre-Logon Issue

Reply
Highlighted
L4 Transporter

Pre-Logon Issue

Hi Team,

 

I have configure the Pre-Logon but it's not working 

 

(T5208) 10/26/20 14:04:11:874 Debug(9110): SSO password is empty
(T5208) 10/26/20 14:04:11:874 Debug(2462): m_preUsername pre-logon
(T5208) 10/26/20 14:04:11:874 Debug(9070): Password is empty.
(T5208) 10/26/20 14:04:11:874 Debug(2483): CheckCachedPortalForPrelogon 0, PrelogonNeedTimeout 0, RenameTimeout -1, userName pre-logon, preUsername pre-logon
(T5208) 10/26/20 14:04:11:874 Debug(5720): --Set state to Retrieving configuration...
(T5208) 10/26/20 14:04:11:874 Info ( 678): return without process!!!! socket=-1, os=14
(T5208) 10/26/20 14:04:11:874 Info (11472): getaddrinfo failed with error 11001
(T5208) 10/26/20 14:04:11:874 Debug(6719): SSO enable status is 0, user name is pre-logon, domain name is .
(T5208) 10/26/20 14:04:11:874 Debug(2176): open http session. agent is PAN GlobalProtect/5.0.5-28 (Microsoft Windows 10 Enterprise , 64-bit)
(T5208) 10/26/20 14:04:11:874 Debug( 436): winhttp SetSecureProtocol, hSession=5c39e4d0, bAllProtocol=0, gbFips=0
(T5208) 10/26/20 14:04:11:874 Debug(1649): SetProxyForHost  timeout:5 AutoDetect:0 url: proxy: bypass: proxystr:
(T5208) 10/26/20 14:04:11:874 Error(3244): gethostbyname(Certificate name) failed (No such host is known.

 

Please suggest

Highlighted
Cyber Elite

@Joshan_Lakhani,

So first and foremost, 5.0.5 is pretty old and is EoE (EoL 2/12/2021) when it comes to GP agents. 5.0.10 is the preferred release within the 5.0 release and I would highly recommend migrating to 5.1.6 or 5.2.3 since they're actually being engineered. 

It kind of sounds like you could potentially be hitting GPC-8192, which you'll need to upgrade or implement the listed work around to fix. 

If you configure the GlobalProtect portal or gateway to authenticate users through
Kerberos single sign-on (SSO) and the SSL handshake also requires machine
certificate authentication (for example, with the pre-logon connect method),
Kerberos SSO authentication fails if you import the user’s machine certificate to
only the machine certificate store.

Workaround: Import the machine certificate to both the machine certificate store
and user certificate store.
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!