01-17-2021 02:48 AM
We are facing a strange issue on a small number of notebooks (Windows 10).
When the user connects via VPN, the user seen (and used) in GlobalProtect does not match the logged in (Windows OS) user. If he clicks on "logout user", the wrong user will be used again (no popup window where the user is asked to enter a different user).
All the "sticky" users belongs to users with local administrative permissions on all of these devices. These administrative users have installed/staged the notebooks and handed them over to the "normal" users once done.
The credentials could not be found in the credential manager of Windows (neither of the "normal" nor of the "administrative" user).
Any idea how this could be solved (besides re-installation of GlobalProtect)?
01-17-2021 02:49 PM
check how the GPService is configured in the services, maybe the admins staged GlobalProtect in such a way that their username is bound to the service as the service account
01-20-2021 09:27 AM
GP was installed via software distribution, not related to the logged in admin.
I have created a dedicated profile on GP portal, valid only for the admin users. In this profile I have set "Save User Credentials" to "No" and "Clear Single Sign-On Credentials on Logout" to "Yes" (which is the default, but we changed it to no in our environment).
Looks like this wipes the credentials, and the users are asked for their credentials (might require an additional reboot).
01-22-2021 02:49 PM
By Best Practice
Select No to keep single sign-on credentials when the user logs out. Select Yes (default) to clear them and force the user to enter credentials upon the next login.
09-07-2021 12:28 PM
The solution to this problem is to open Internet Explorer 11 and clear the cache. It may be necessary to uncheck the option to preserve the session cache, logins, etc. This is what I did. After clearing the IE11 cache, launching Global Protect will give you the prompt for user name again.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!