Global Protect stopped working after upgrade to 5.2.9

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect stopped working after upgrade to 5.2.9

L0 Member

Hi,

 

After upgrading GP from 5.2.6 to 5.2.9 it stopped working for some reason. Basically, it tries to maintain VPN connection but after providing credentials it immediately stops the process - the Connect button is active again - there is no error displayed on the UI.

 

It starts working again when downgrading to 5.2.6.

 

Any tips?

 

Thanks for help in advance!

 

Logs:

(P2052-T3312)Debug(10918): 02/03/22 02:49:09:059 SSO password is empty
(P2052-T3312)Debug(3243): 02/03/22 02:49:09:059 Empty username
(P2052-T3312)Debug(3275): 02/03/22 02:49:09:059 m_preUsername ___empty_username___
(P2052-T3312)Debug(10878): 02/03/22 02:49:09:059 Password is empty.
(P2052-T3312)Debug(8117): 02/03/22 02:49:09:059 Empty user for GetCachedPortalCfgOldNewFileName
(P2052-T3312)Debug(3296): 02/03/22 02:49:09:059 CheckCachedPortalForPrelogon 0, PrelogonNeedTimeout 0, RenameTimeout 10, userName ___empty_username___, preUsername ___empty_username___
(P2052-T3312)Debug(3474): 02/03/22 02:49:09:059 Use ssl tunnel is no
(P2052-T3312)Debug(3484): 02/03/22 02:49:09:059 bCheckCachedPortalForPrelogon: 0, m_bOnDemand: 1
(P2052-T3312)Debug(7064): 02/03/22 02:49:09:059 --Set state to Retrieving configuration...
(P2052-T3312)Debug(13485): 02/03/22 02:49:09:059 Portal's ipv4 address <XXXXXX>
(P2052-T3312)Debug(8219): 02/03/22 02:49:09:059 SSO enable status is 1, user name is ___empty_username___, domain name is .
(P2052-T3312)Debug(2346): 02/03/22 02:49:09:059 open http session. agent is PAN GlobalProtect/5.2.9-35 (Microsoft Windows Server 2012 Standard Edition, 64-bit)
(P2052-T3312)Debug( 469): 02/03/22 02:49:09:059 winhttp SetSecureProtocol, hSession=4731f6b0, bAllProtocol=0, gbFips=0
(P2052-T3312)Debug( 469): 02/03/22 02:49:09:059 winhttp SetSecureProtocol, hSession=4731f8e0, bAllProtocol=0, gbFips=0
(P2052-T3312)Debug(1767): 02/03/22 02:49:09:059 SetProxyForHost(<XXXXXX>): timeout:60 AutoDetect:1 url: proxy: bypass: proxystr:
(P2052-T3312)Debug(7112): 02/03/22 02:49:09:059 ----Portal Pre-login starts----
(P2052-T3312)Debug(5283): 02/03/22 02:49:09:059 TriggerCaptivePortalDetection() return due to captive portal detection is in progress (0) or PreLogin is Done (1)
(P2052-T8064)Error( 592): 02/03/22 02:49:09:059 Could not connect. Error code = 0x8004100e
(P2052-T8064)Debug( 726): 02/03/22 02:49:09:059 HipMonitorThread quits.
(P2052-T3312)Debug( 564): 02/03/22 02:49:09:075 Network is reachable
(P2052-T3312)Debug(7146): 02/03/22 02:49:09:075 Pre-login...,verifyportalcert=yes
(P2052-T3312)Debug(11315): 02/03/22 02:49:09:075 Check cert of server <XXXXXX>
(P2052-T3312)Debug( 788): 02/03/22 02:49:09:075 SSL connecting to <XXXXXX>
(P2052-T3312)Debug( 564): 02/03/22 02:49:09:075 Network is reachable
(P2052-T3312)Debug(1309): 02/03/22 02:49:09:215 Unable to verify server cert. Result is unable to get issuer certificate
(P2052-T3312)Debug(1014): 02/03/22 02:49:09:215 Hostname <XXXXXX> matches sub alt name <XXXXXX>
(P2052-T3312)Debug(1346): 02/03/22 02:49:09:215 OpenSSL alert write‌‌close notify
(P2052-T3312)Debug(2804): 02/03/22 02:49:09:215 encpostdata, encpostdata=000002A647408BB0, encpostdatalen=192
(P2052-T3312)Debug(2981): 02/03/22 02:49:09:215 REQID=59,IPADDR=<XXXXXX>,PORT=443,URL=/global-protect/prelogin.esp,POST=1,PROXY_AUTO=1,PROXY_CFGURL=NULL,PROXY=NULL,PROXY_BYPASS=NULL,PROXY_USER=NULL,PROXY_PASS=****,VERIFY_CERT=1,ADDITIONAL_CHECK=1,SCEP_CERT=,oid=
(P2052-T3312)Debug(1884): 02/03/22 02:49:09:215 Send response to client for request https_request
(P2052-T3312)Debug(3091): 02/03/22 02:49:09:293 receive pan_msg_ping, 1
(P2052-T3312)Debug(7270): 02/03/22 02:49:09:293 prelogin to portal result is
<?xml version="1.0" encoding="UTF-8" ?>
<prelogin-response>
<status>Success</status>
<ccusername></ccusername>
<autosubmit>false</autosubmit>
<msg></msg>
<newmsg></newmsg>
<authentication-message>Enter login credentials</authentication-message>
<username-label>Username</username-label>
<password-label>Password</password-label>
<panos-version>1</panos-version>
<saml-default-browser>yes</saml-default-browser><saml-auth-status>0</saml-auth-status>
<saml-auth-method>REDIRECT</saml-auth-method>
<saml-request-timeout>600</saml-request-timeout>
<saml-request-id>0</saml-request-id><saml-request><XXXXXX></saml-request><region>US</region>
</prelogin-response>
(P2052-T3312)Debug(7311): 02/03/22 02:49:09:293 REGION-PRIO, region code is US
(P2052-T3312)Debug(13297): 02/03/22 02:49:09:293 REGION-PRIO, save region code US
(P2052-T3312)Debug(7330): 02/03/22 02:49:09:293 Portal's saml auth status 0
(P2052-T3312)Debug(7339): 02/03/22 02:49:09:293 Portal's saml auth method REDIRECT
(P2052-T3312)Debug(7349): 02/03/22 02:49:09:293 Portal's saml-request <XXXXXX>
(P2052-T3312)Debug(7378): 02/03/22 02:49:09:293 Portal's saml default browser support = yes
(P2052-T3312)Debug(7389): 02/03/22 02:49:09:293 Portal's saml request id 0
(P2052-T3312)Debug(7398): 02/03/22 02:49:09:293 Portal authentication-message is Enter login credentials
(P2052-T3312)Debug(7414): 02/03/22 02:49:09:293 autosubmit is false
(P2052-T3312)Debug(9088): 02/03/22 02:49:09:293 ----Portal Login starts----
(P2052-T3312)Debug(2280): 02/03/22 02:49:09:293 Failed to open file <XXXXXX>\AppData\Local\Palo Alto Networks\GlobalProtect\PanPUAC_d77de893b65f2609dc681c371b4d8a6.dat
(P2052-T3312)Debug(9098): 02/03/22 02:49:09:293 Saml auth
(P2052-T3312)Debug(8314): 02/03/22 02:49:09:293 Return false for saml auth
(P2052-T3312)Debug(8315): 02/03/22 02:49:09:293 m_preUsername ___empty_username___, IsInPrelogon() 0
(P2052-T3312)Debug(1884): 02/03/22 02:49:09:293 Send response to client for request saml-pre-login
(P2052-T3312)Info ( 531): 02/03/22 02:49:09:403 msgtype = portal
(P2052-T3312)Debug(2547): 02/03/22 02:49:09:403 ----portal processing starts----
(P2052-T3312)Debug(2577): 02/03/22 02:49:09:403 User profile type is 0(not roaming)
(P2052-T3312)Debug(2610): 02/03/22 02:49:09:403 pg, source = 0, old source is 0
(P2052-T3312)Debug(2632): 02/03/22 02:49:09:403 pg, preferred gateway not set in message, old prefergateway=:)
(P2052-T3312)Debug(2689): 02/03/22 02:49:09:403 CheckUpdate is false.
)(P2052-T3312)Debug(2704): 02/03/22 02:49:09:403 portal-certificate-verification is yes
(P2052-T3312)Debug(2744): 02/03/22 02:49:09:403 No saml-load-cache tag.
(P2052-T3312)Debug(2767): 02/03/22 02:49:09:403 no saml-auth-error tag.
(P2052-T3312)Debug(2780): 02/03/22 02:49:09:403 allow-cached-portal is yes
(P2052-T3312)Debug(2824): 02/03/22 02:49:09:403 NewWinUser is <XXXXXX>, WinUser is , PreviousSwitchOffMsg is false
(P2052-T3312)Debug(2825): 02/03/22 02:49:09:403 GetPrelogonStatus() 0, m_userName ___empty_username___, m_preUsername ___empty_username___
(P2052-T3312)Debug(3644): 02/03/22 02:49:09:403 Now is 1643885349, last user login time is 0
(P2052-T3312)Debug(3648): 02/03/22 02:49:09:403 tDelta is 1643885349, grace period is 1
(P2052-T3312)Debug(6936): 02/03/22 02:49:09:403 StopThreads starts:
(P2052-T3312)Debug(6943): 02/03/22 02:49:09:403 There are 5 threads running...
(P2052-T3312)Debug(1390): 02/03/22 02:49:09:403 Logging out gateway, reason is StopThreads
(P2052-T5860)Debug(6707): 02/03/22 02:49:09:403 NetworkConnectionMonitorThread: got exit event.
(P2052-T3312)Debug(1429): 02/03/22 02:49:09:403 Logging out gateway over
(P2052-T7616)Debug(5665): 02/03/22 02:49:09:403 NetworkDiscoverThread: got exit event.
(P2052-T3312)Debug(6953): 02/03/22 02:49:09:403 Going to wait all threads exit...
(P2052-T7616)Debug(6184): 02/03/22 02:49:09:403 NetworkDiscoverThread: quits.
(P2052-T5860)Debug(6722): 02/03/22 02:49:09:403 NetworkConnectionMonitorThread: quits.
(P2052-T3668)Debug(6310): 02/03/22 02:49:09:403 HipReportThread: got exit event.
(P2052-T3668)Debug(6550): 02/03/22 02:49:09:403 HipReportThread: HipReportThread quits.
(P2052-T4984)Debug(5210): 02/03/22 02:49:09:403 NotificationTimerThread: got exit event.
(P2052-T4148)Debug(5412): 02/03/22 02:49:09:403 CaptivePortalDetectionThread: got exit event.
(P2052-T4148)Debug(5580): 02/03/22 02:49:09:403 CaptivePortalDetectionThread: captive portal detection thread exit status is (successful).
(P2052-T3312)Debug(6957): 02/03/22 02:49:09:512 threads are gracefully stopped, counter=599.
(P2052-T3312)Debug(6970): 02/03/22 02:49:09:512 Double check all threads.
(P2052-T3312)Debug(7021): 02/03/22 02:49:09:512 To reset thread quit event.
(P2052-T8080)Debug( 432): 02/03/22 02:49:09:512 HipMissingPatchThread: got thread exit event.
(P2052-T6832)Debug( 242): 02/03/22 02:49:09:512 HipCheckThread: got thread exit event.
(P2052-T6832)Debug( 287): 02/03/22 02:49:09:512 HipCheckThread: Hip check thread quits.
(P2052-T8080)Debug( 530): 02/03/22 02:49:09:528 HipMissingPatchThread: Hip check missiing patch thread quits.
(P2052-T3312)Debug( 132): 02/03/22 02:49:09:528 All hip collect threads quit gracefully.
(P2052-T3312)Debug(7031): 02/03/22 02:49:09:528 StopThreads ends.
(P2052-T3312)Debug(6900): 02/03/22 02:49:09:528 StartThreads starts:
(P2052-T3312)Debug( 25): 02/03/22 02:49:09:528 create thread 0x378 with thread ID 8068
(P2052-T3312)Debug( 25): 02/03/22 02:49:09:528 create thread 0x4dc with thread ID 8072
(P2052-T8068)Debug(5053): 02/03/22 02:49:09:528 NotificationTimerThread: notification timer thread starts.
(P2052-T3312)Debug( 25): 02/03/22 02:49:09:528 create thread 0x498 with thread ID 5328
(P2052-T8068)Debug(5203): 02/03/22 02:49:09:528 NotificationTimerThread: wait (-1 ms) for notification timer event.
(P2052-T3312)Debug( 25): 02/03/22 02:49:09:528 create thread 0x5e4 with thread ID 6776
(P2052-T8072)Debug(5249): 02/03/22 02:49:09:528 CaptivePortalDetectionThread: captive portal detection thread starts.
(P2052-T8072)Debug(5409): 02/03/22 02:49:09:528 CaptivePortalDetectionThread: wait (-1 ms) for captive portal detection event.
(P2052-T3312)Debug( 25): 02/03/22 02:49:09:528 create thread 0x7d4 with thread ID 6752
(P2052-T6776)Debug(6276): 02/03/22 02:49:09:528 HipReportThread: HipReportThread starts up.
(P2052-T5328)Debug(5590): 02/03/22 02:49:09:528 NetworkDiscoverThread: network discover thread starts.
(P2052-T6776)Debug(6302): 02/03/22 02:49:09:528 HipReportThread: wait for HIP report ready event.
(P2052-T5328)Debug(5655): 02/03/22 02:49:09:528 NetworkDiscoverThread: wait for network discover event.
(P2052-T3312)Debug( 25): 02/03/22 02:49:09:528 create thread 0x5ec with thread ID 6284
(P2052-T6752)Debug(6558): 02/03/22 02:49:09:528 NetworkConnectionMonitorThread: network connection monitor thread starts.
(P2052-T3312)Debug( 25): 02/03/22 02:49:09:528 create thread 0x620 with thread ID 2356
(P2052-T6284)Debug( 167): 02/03/22 02:49:09:528 Start HipCheckThread
(P2052-T6284)Debug( 210): 02/03/22 02:49:09:528 HipCheckThread started...
(P2052-T6284)Debug( 216): 02/03/22 02:49:09:528 HipCheckThread: wait for hip check event for 3600000 ms);
(P2052-T2356)Debug( 176): 02/03/22 02:49:09:528 Start HipMissingPatchThread
(P2052-T2356)Debug( 406): 02/03/22 02:49:09:528 HipMissingPatchThread started...
(P2052-T3312)Debug( 25): 02/03/22 02:49:09:528 create thread 0x78c with thread ID 7860
(P2052-T3312)Debug(2855): 02/03/22 02:49:09:528 Update GP disable status to false
(P2052-T7860)Debug( 186): 02/03/22 02:49:09:528 Start HipMonitorThread
(P2052-T7860)Info ( 722): 02/03/22 02:49:09:528 HipMonitorThread starts
(P2052-T3312)Debug(2953): 02/03/22 02:49:09:528 No user, using SSO
(P2052-T3312)Debug(10901): 02/03/22 02:49:09:528 Saved password is empty.
(P2052-T3312)Debug(3013): 02/03/22 02:49:09:528 Portal <XXXXXX>, user , logonDomain <XXXXXX>, saved user <XXXXXX>, path <XXXXXX>\AppData\Local\Palo Alto Networks\GlobalProtect\
(P2052-T3312)Debug(3079): 02/03/22 02:49:09:528 use proxy is 1
(P2052-T3312)Debug(3137): 02/03/22 02:49:09:528 Pre-logon-then-on-demand value is no
(P2052-T7860)Info ( 435): 02/03/22 02:49:09:528 HipMonitorThread is using WMI.
(P2052-T3312)Debug(1632): 02/03/22 02:49:09:528 SSO starts.
(P2052-T3312)Info (1661): 02/03/22 02:49:09:528 SSO ----- PanCredGet failed with error Element not found.
(P2052-T3312)Debug(1672): 02/03/22 02:49:09:528 SSO GetSsoCredential starts.
(P2052-T3312)Info (1702): 02/03/22 02:49:09:528 SSO ----- PanCredGet failed with error Element not found.
1 REPLY 1

L1 Bithead

Are you using client certs/pre-logon? If so, 5.2.9-5.2.10 have a known bug (unpublished) that prevents GP from accessing the client certificate. Downgrading to 5.2.8 or below fixes the issue. 

Zach Biles -
https://www.linkedin.com/in/zachary-biles-a5097532/
  • 3031 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!