Palo Alto Networks - Global Protect error: Failed to get client configuration


L0 Member

We have configured the application in Azure and imported the profile on the Palo. We have set up the gateway, portal, and authentication profile. The logs on the Palo and Azure show as successful, but when a user tests connecting via the Global Protect client, they get an auth failed. The Palo Global Protect logs show "failed to get client configuration". Anyone ever had this issue before?

5 REPLIES

L7 Applicator

Have you restricted GP to certain users or groups? The authentication is working, but it seems the Palo cannot find an agent config for them.

L0 Member

Had the same issue yesterday. I am using Cloud Identity Engine to sync users and machine objects to the Palo.

Under Network - Global Protect - Portals - Agent - Config Selection Criteria - Device Checks, the Serial Number Check was set to "no". I changed it to "none" and everything worked.

Lesson learned: test the portal and gateway with no config selection criteria checks.

Hi Arne,

I had the same issue, and this exactly did it for me. I wonder what the default setting is, as I never encountered this on my other Palo Alto firewalls.

Thanks!

Thanks, Arne! I just had this issue today with our new GlobalProtect Portal on VM-Series. Changing the Serial Number Check from "no" to "none" allowed me to connect. Prior to that, I was also getting the "Global Protect error: Failed to get client configuration" error. Glad I found your post on this as I had checked everything else I could think of and it all looked good. Never would've thought of changing that setting and you saved me hours!

L0 Member

Had a similar issue over the last few weeks and discovered that the "mail" attribute on our user accounts weren't all populated with their email address, or had their old email address or simply an incorrect value in that field. Soon as I fixed that for the affected users, they were then able to finish authenticating, but before that I was getting auth failures and the failed to get client config stuff.

Not sure if anyone else is having this issue, but worth sharing I figured. Enabling this different auth method produced some interesting challenges.
