- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-13-2022 04:53 PM
We have configured the application in Azure, and imported the profile on the palo. We have set up the gateway and portal and authentication profile. The logs on the Palo and Azure show as successful but when a user tests connecting via Global Protect client they get an auth failed. The Palo Global protect logs show failed to get client configuration. Anyone ever had this issue before?
03-17-2022 06:16 AM
Had the same issue yesterday, I am using Cloud Identity Engine to sync users and machine objects to the palo.
Under Network - Global Protect - Portals - Agent - Config Selection Criteria - Device Checks the Serial Number Check was set to "no", I changed it to "none" and everything worked.
Lesson learned, test the portal and gateway with no config selection criteria checks.
04-01-2022 05:26 AM
Hi Arne,
I had the same issue, and this exactly did it for me. I wonder what the default setting is, as I never encountered this on my other Palo Alto firewalls.
Thanks!
03-13-2024 11:38 AM
Thanks, Arne! I just had this issue today with our new GlobalProtect Portal on VM-Series. Changing the Serial Number Check from "no" to "none" allowed me to connect. Prior to that, I was also getting the "Global Protect error: Failed to get client configuration" error. Glad I found your post on this as I had checked everything else I could think of and it all looked good. Never would've thought of changing that setting and you saved me hours!
10-03-2024 01:29 PM
Had a similar issue over the last few weeks and discovered that the "mail" attribute on our user accounts weren't all populated with their email address, or had their old email address or simply an incorrect value in that field. Soon as I fixed that for the affected users, they were then able to finish authenticating, but before that I was getting auth failures and the failed to get client config stuff.
Not sure if anyone else is having this issue, but worth sharing I figured. Enabling this different auth method produced some interesting challenges.
 
					
				
				
			
		
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!

