10-12-2022 10:42 AM
There seems to be a bit of an issue connecting to GlobalProtect after our Windows machines have the latest Microsoft cumulative updates, KB5018410 (Windows 10) and KB5018418 (Windows 11).
Looking on Reddit, it looks like other users are seeing the same problem as well. Anyone got any ideas on how to fix this going forward? The only way we've been able to get users to connect is by uninstalling the latest update.
I've raised a call with our partner support but haven't got anything back yet.
Thanks
10-14-2022 12:59 PM
Interesting and thanks for clarifying as our certificate is 366 days. I will see about getting this regenerated and see if it makes a difference.
10-14-2022 01:07 PM
The only other thing I had done prior to installing the updated certificate was to go into Device->Certificate Management->SSL/TLS Service Profile and change my service profile from Min Version TLSv1.0 to TLSv1.2, leaving the max version at Max, and commit it, but that did not fix the issue. So then I generated a new GoDaddy cert, installed it and committed it, and it started working. So then I went back and changed the min version back to TLSv1.0 and committed that, and it was still working. Also, I just want to clarify that I updated the certificate installed on the Palo Alto that is used in my SSL/TLS Service Profile; that profile is then used by my GlobalProtect portals and also for the public-facing GlobalProtect portal. I don't require the GlobalProtect clients to have a certificate installed, which I think is an additional security option. This is the certificate that would show up in the developer tools if you went to https://yourportaldnsname in a browser. My original one was still valid until 10/24/2022 but it was created on 9/22/2021, so while it was still valid, it was issued more than 365 days ago. But maybe messing with the min version setting in the TLS profile did something even though I set it back to the way it was?
10-16-2022 09:44 AM
After 5 days, we really don't have an official statement about the issue?
10-17-2022 06:51 AM
Within my support case the engineer acknowledged they are looking into it; that is as far as they were willing to go, it seems.
I've tried most of the recommended changes without luck: TLS1.2/Max, new cert, most versions of GPVPN released in the past year, etc., and not much progress.
10-17-2022 07:32 AM - edited 10-17-2022 07:33 AM
We're supporting a few customers.
I can connect from the same GlobalProtect client to Palo Alto customer1, but not to customer2, since the Windows 10 update.
Both have official *.domain certificates from the same issuer.
When connecting to customer1, a part of the certificate is shown in PanGPA.log and a file "C:\Users\xxx\AppData\Local\Palo Alto Networks\GlobalProtect\ServerCert.pan" is written.
But with customer2 we see this in PanGPA.log: "Server cert query failed with error 12019"