GlobalProtect could not connect - socket error 10047

Reply
Highlighted
L0 Member

GlobalProtect could not connect - socket error 10047

Hi,

I got two computers that have installed agent GP 5072 and are connected to the same home network. The first one with win10 has no issues in connecting. The second one mounts win7 and its connection always fails with error "Could not connect to the GlobalProtect gateway. Please contact your IT administrator."

 

After digging in the PanGPS logs of the two I found out that in the "Set state to discovering network" section of the non working one  many times appears the line "Debug(1673): Has proxy", line that is never present in the log of the computer where GP works. Out of this, sections are 100% the same in the two logs.

Furhtermore log of affected pc reports the following in gateway pre-login (addresses have been changed in numbers and letters to post here, but in the log they are correct):

 

(T12216) 06/09/20 12:14:20:794 Debug(3286): ----Gateway Pre-login starts----
(T12216) 06/09/20 12:14:20:794 Debug(9690): Check cert of server 1.2.3.4
(T12216) 06/09/20 12:14:20:795 Debug(9705): File C:\Program Files\Palo Alto Networks\GlobalProtect\tca.cer does not exist.
(T12216) 06/09/20 12:14:20:795 Debug( 777): SSL connecting to 1.2.3.4
(T12216) 06/09/20 12:14:20:795 Debug( 289): host 1.2.3.4, proxy=localhost, port=21320, isIpv6=0
(T12216) 06/09/20 12:14:20:796 Debug( 496): host is 1.2.3.4, port=443, isIpV6=0, bProxy=1, proxyhost=localhost, proxyport=21320
(T12216) 06/09/20 12:14:20:806 Debug( 550): Network is reachable
(T12216) 06/09/20 12:14:20:807 Debug( 112): connect failed with error 10047(Indirizzo utilizzato incompatibile con il protocollo richiesto.)
(T12216) 06/09/20 12:14:20:807 Debug( 560): Failed to connect to 1.2.3.4 on 443 with return value -1 and socket error 10047(Indirizzo utilizzato incompatibile con il protocollo richiesto.)
(T12216) 06/09/20 12:14:20:807 Debug( 781): do_tcp_connect() failed
(T12216) 06/09/20 12:14:20:807 Error(9736): ConnectSSL: Failed to connect to '1.2.3.4:443'. Disconnect ssl.
(T12216) 06/09/20 12:14:20:807 Debug(9749): Cannot get server cert of 1.2.3.4
(T12216) 06/09/20 12:14:20:807 Debug(5796): Already tried both ipv4 and ipv6 for gateway vpn.abcd.com
(T12216) 06/09/20 12:14:20:807 Error(3314): Failed to connect to gateway vpn.abcd.com.
(T12216) 06/09/20 12:14:20:808 Debug(5189): Show Gateway vpn.abcd.com: Could not connect to the GlobalProtect gateway. Please contact your IT administrator.

 

It seems to me that failing computer somehow tries to set a proxy that should not be there, even if no proxy is configured in any part of the compouter... Any suggestions?

Highlighted
L3 Networker

Hello @MatteoD,

 

I was able to find some information that TCP 21320 was/is used by Spybot – Search & Destroy (https://www.safer-networking.org/) built-in proxy.

Also some malware was using this port... you should look really close on this PC

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!