01-25-2024 04:39 AM
Hi Team,
Good day!
GlobalProtect mobile users on Android 13 are not able to connect to the portal. The error shows "The network connection is unreachable, or the portal is unresponsive. Check the network connection and reconnect."
I have created a self-signed certificate and installed it on the mobile, but the issue is still the same. The following errors were collected from GP.log on the Android mobile.
Note: it is working for iOS users and Android 12, 11, 10 versions.
fingerprint=e2:f2:78:8a:de:bb:e7:54:c8:01:65:db:af:29:0f:c8:e5:5c:86:d7
(31135)01/25 14:20:49:44286 - checkServerTrusted: bVerifyServerCert true
(31135)01/25 14:20:49:44571 - checkServerTrusted: verify server cert now! certFilename=null, pass=xxx, revoke=true
(31135)01/25 14:20:49:44680 - verify it again CA file
(31135)01/25 14:20:49:46440 - checkServerTrustedAgainCAFile: TrustManager, size1
(31135)01/25 14:20:49:48474 - verified by system trusted credentials..
(31135)01/25 14:20:49:53441 - PanHttpsClient: 1738, found exception:javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007ad65a5fc8: Failure in SSL library, usually a protocol error
error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT (external/boringssl/src/ssl/ssl_cert.cc:605 0x7b5ae9511a:0x00000000)
(31135)01/25 14:20:49:53596 - PanHttpsClient: server cert error
(31135)01/25 14:20:49:53709 - (l6)JNI,31216,228,after JNIGetHttpResponse, ret=Valid
(31135)01/21 14:20:49:53812 - (l5)JNI,31216,316,not handled, ret=error, javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007ad65a5fc8: Failure in SSL library, usually a protocol error
error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT (external/boringssl/src/ssl/ssl_cert.cc:605 0x7b5ae9511a:0x00000000), return NULL now
(31135)01/25 14:20:49:53908 - (l6)JNI,31216,7643,prelogin to portal result is
(null)
(31135)01/25 14:20:49:53955 - (l6)JNI,31216,7955,Failed to pre-login to the portal Ip address (public ip XX.Xx.Xx ) with return value 0(0).
(31135)01/25 14:20:49:54016 - (l6)JNI,31216,571,DestroyHTTPSession
(31135)01/21 14:20:49:54056 - (l5)JNI,31216,10661,Portal config does not exist, try registry/plist
(31135)01/25 14:20:49:54130 - (l5)JNI,31216,8829,failed to retrieve value of the tag version.
(31135)01/25 14:20:49:54169 - (l5)JNI,31216,8844,Skip reading cached portal config.
(31135)01/25 14:20:49:54228 - (l6)JNI,31216,12503,No scep profile
(31135)01/25 14:20:49:54267 - (l6)JNI,31216,8860,portal status is Invalid portal.
02-02-2024 06:34 AM
Hi,
I face the exact same issue.
I guess we have to go over TAC and create a support case for this.
02-03-2024 03:19 AM
GP for Windows works fine, some old Android works fine, new Android got this error. (The network connection is unreachable...)
Tried to connect the phone to another company's GP portal, it works!
The other portal has the same configuration, but lower PANOS. Might be random/something else?
If I open my GP portal webpage in Chrome from the Android phone I get: ERR_SSL_KEY_USAGE_INCOMPATIBLE
Hope someone figures out this one 🙂
I use PANOS 11.1.1
02-03-2024 04:50 AM
Hi, may I know your PAN OS version?
02-04-2024 04:06 AM
I gave up on my RootCA and GlobalProtect self-signed certificate. Added a free one and GlobalProtect on all my Windows and Android devices.
I saved some screenshots on my webpage, hopefully they can help others.
https://www.mrlogg.no/2024/02/paloaltonetworks-globalprotect_4.html
03-17-2024 03:22 AM - edited 03-17-2024 03:29 AM
Hi
I have the same error on Android 14.
If you have any updates, please let me know.
03-17-2024 11:12 AM
It is a cert issue, try with a new cert. @Divomag
03-18-2024 12:10 AM
Hi @NilsJGabrielsen,
Good Morning!
Yes, it's a certification issue, but when I install a new certification on the Android 14 version, it's still not working. This is maybe a PAN OS issue, or I'm not sure.
03-18-2024 12:43 AM
Not sure if this is a PANOS or Android issue, but a public cert fixed it for me, you can create one for free on https://app.zerossl.com/certificate/new
04-09-2024 12:09 PM
Hi, I had a similar issue, "Failure in SSL library, usually a protocol error". Now the most recent Android devices and versions force the connection with TLS 1.3. That protocol is not allowed to establish a communication through GP. You can try to check if changing the TLS/SSL profile to min 1.0 and max 1.2 helps. Also try to generate a new certificate and in the attributes add the Public Portal IP Address.
08-18-2024 11:21 PM
Hi @Karuppu
May I ask what the resolution was for this? We currently have the same error with our client.
Regards
Nicko
08-19-2024 12:13 AM
I think "CA unchecked" fixed it.
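An added example (not from any poster in this thread and not Palo Alto Networks code) for checking a portal certificate against the KEY_USAGE_BIT_INCORRECT error in the log above: BoringSSL rejects a server certificate whose keyUsage extension is present but lacks digitalSignature when the handshake signs with the certificate key (ECDHE or TLS 1.3). The two certificates, the name portal.example.test, the function names and the assumption that a CA-style certificate carries only certificate-signing usages are constructed for illustration; the openssl CLI is required.

```shell
# Added example: certificates, paths and names below are constructed.
# Values of the X509v3 Key Usage extension (empty when the extension is absent).
key_usage() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'X509v3 Key Usage' | tail -n1 | sed 's/^ *//'
}

# "yes" if basicConstraints marks the certificate as a CA, else "no".
is_ca() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE' && echo yes || echo no
}

# Verdict for use as a TLS server certificate with a signing key exchange
# (ECDHE or TLS 1.3): keyUsage, when present, must include digitalSignature.
server_cert_verdict() {
  local ku
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return; }
  ku=$(key_usage "$1")
  case "$ku" in ''|*'Digital Signature'*) echo ok ;; *) echo reject ;; esac
}

# Build two throwaway self-signed certificates in directory $1 (assumed shapes).
make_samples() {
  cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = portal.example.test
[ca_style]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_style]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
  for s in ca_style server_style; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/openssl.cnf" \
      -extensions "$s" -keyout "$1/$s.key" -out "$1/$s.pem" 2>/dev/null
  done
}

SAMPLES=$(mktemp -d)
make_samples "$SAMPLES"
for f in "$SAMPLES"/*.pem; do
  echo "$f: CA=$(is_ca "$f") keyUsage=[$(key_usage "$f")] -> $(server_cert_verdict "$f")"
done
```

To check a real portal certificate, export it as PEM and pass the file to `server_cert_verdict`.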
08-19-2024 04:59 PM
Hi @NilsJGabrielsen,
This means that we need to create a child certificate under the parent one?
Do we need to install both Parent and Child Certificate on the android device?
Regards
Nicko