Global Protect PANGP Virtual Ethernet Adapter disabled after Jun21 MS Security patches. (KB5003974 suspected)

cancel
Showing results for 
Search instead for 
Did you mean: 

Global Protect PANGP Virtual Ethernet Adapter disabled after Jun21 MS Security patches. (KB5003974 suspected)

L0 Member

Starting after Microsoft Cumulative and Security updates released in June 2021, our users have been experiencing issues where they are unable to connect to Global Protect after resuming from a reboot or sleep. The blue "connect" button is present, and our portal is selected, but clicking the button does nothing. The PANGP Virtual Ethernet Adapter is in a disabled state and cannot be enabled, even with administrative privileges. The issue is subsides when the user reboots the laptop between 3-6 times, but will re-occur sporadically after reboots or the device goes to sleep. This has been observed on multiple versions of Global Protect (5.0.7-2, 5.2.4-21, 5.2.5-84,5.2.7) and on multiple device models (surface, dell), but all on Windows 10 1909 build. We suspect that KB5003974 is the cause of these issues, but have been able to roll back that update in any of our trials. Subsequent updates, such as July 21 patches, seem to cause the issue to re-occur.

The only way we've been able to determine to permanently address the issue is to fully scrub the Global Protect app from the users' device; removing registry entries, deleting the PanGPS service, clearing the WMI Cache entries, and deleting all file paths associated with the app before running a fresh install. 

Has anyone else experienced this or similar issues since applying June Cumulative/Security patches to 1909 Windows 10 systems? Is there a tool available that would allow us to completely scrub the app from users' systems without having to do the manual steps? Trying to complete these tasks in a remote work environment is exceedingly difficult. 

 

GP Issue 2.PNG

GP Issue 1.PNG

GP issue 3.PNG

   

3 REPLIES 3

L0 Member

Adding to further details to the above post:

  1. Portal/Gateway authentication is via LDAP and a machine certificate
  2. The Global Protect device traffic never hits the firewall when hitting "Connect", so it appears to be a local Global Protect client issue. 

@JordanPetrellis 

Can you explain here below   please

 

  1. The Global Protect device traffic never hits the firewall when hitting "Connect", so it appears to be a local Global Protect client issue. 

The firewall shows no connection, successful or otherwise from the device having the issue. The device with the global protect application doesn't connect to the firewall at all.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!