01-17-2022 07:30 PM
All our users are able to connect to our PA220 using Global Protect VPN except one. We've tried reinstalling the Global Protect client multiple times and also connected successfully using their account from another computer, but it just refuses to work on his.
01-19-2022 02:43 PM
For some reason our RMM software was reporting it as Windows 7, but it turns out it's actually Windows 10 sorry. The router is handing out version 5.0.10-3 of the client software.
Removed GlobalProtect, logged in as a local admin and ran the MSI from an elevated command prompt. The PANGP adapter appears in network connections and is enabled but I still can't connect.
01-19-2022 08:33 PM
Why are you still handing out 5.0.10? That major version of GlobalProtect (5.0) is almost a year past EoL. I highly recommend validating and pushing out 5.1.8 or 5.2.9 to all of your endpoints instead of continuing to push out 5.0.10. Your logs are definitely point towards an issue with the network adapter, since it's just on this one machine it could be a local conflict with something else the user has installed. Do you deploy a standard image to users within this environment?
On this machine, I would go out and download the MSI for either of the supported versions listed about and use that on this machine just to see if a current agent installation actually connects okay.
01-19-2022 08:45 PM
We inherited this site off someone else and that's the state it was in when we got it. I'll try a newer version.
01-19-2022 09:04 PM
It looks like they let all the licensing lapse on the router. I don't have the option to upgrade the version there. Does anyone know somewhere I can download a newer installer?
01-20-2022 07:05 AM
I'm not sure if the actual client installation files can directly be shared to someone without violating licensing agreements. I would think they can since it's not a agent bundle file or anything loaded directly on the firewall as a package, but atlas I'm not positive if that's the case.
So I'll let one of my sister state agencies do it for me: https://vpn.wisc.edu/clients/
01-23-2022 01:58 PM
Unfortunately installing the newer client still didn't resolve the issue. Considering how long we'd be working on this we had to resort to wiping the device and reinstalling Windows. The VPN works fine now. Thanks for all your suggestions guys.
08-31-2022 11:49 AM
I also ran into this issue on a W10 Pro laptop, about a year into use by a single user. No variation of uninstalling/reg key removal/Program File removals/re-installs GlobalProtect had any impact, just kept getting the "VPN connection Failed. Please restart your computer..."
So after hours more of GlobalProtect log chasing and troubleshooting I kept seeing this error line in the C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPHip.log file... Even after I would completely uninstall/gut GP completely from the laptop and reinstall clean this error would pop after a single vpn connection attempt.
"(T19012)Debug(2064): 08/31/22 11:58:48:473 Opswat Error(-43): A general error during a WMI call. Product: BitLocker Drive Encryption (Ver: 10.0.19041.1, Vendor: Microsoft Corp.), Method: WAAPI_MID_GET_ENCRYPTION_STATE(V3V4), Signature: 180, Category: 3(DISK_ENCRYPTION), OESIS (V4 ver: 4.3.1416.0, V3V4 ver: 4.3.987.0)"
So after half a dozen rounds of uninstall/reinstall insanity I switched directions, looked up WMI fixes, after a couple I found this https://docs.microsoft.com/en-us/answers/questions/684166/failed-to-initialize-all-required-wmi-clas... (last post on page) and this guy (thanks LimitlessTechnology-2700) put together all the WMI check/repair commands together to run in a batch file, which I did. I didn't even try another uninstall/reinstall after running this batch file via command line(admin), I just opened GlobalProtect from the system tray and clicked Refresh Connection, and it connected. My troubleshooting took me all over, was about to test new user profiles and was thinking I may have to reinstall W10 when I found this so I had to share.
If you run this from command line you'll see all the commands and responses so if it doesn't completely fix your issue, it will show you the error responses which should point you in the right direction. The list of commands to copy into a batch file, or run one by one are...
Winmgmt /verifyrepository
net stop winmgmt
c:
cd %windir%\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in (’dir /b /s *.dll’) do regsvr32 /s %%s
for /f %%s in (’dir /b *.mof’) do mofcomp %%s
for /f %%s in (’dir /b *.mfl’) do mofcomp %%s
mofcomp -n:root\cimv2\applications\exchange wbemcons.mof
mofcomp -n:root\cimv2\applications\exchange smtpcons.mof
mofcomp exmgmt.mof
mofcomp exwmi.mof
net start winmgmt
09-11-2022 11:41 AM - edited 09-11-2022 11:42 AM
Also the same situation - Windows 10, there are some info in attached fragment of logfile : some error which forced to stop the process. By the way - manual connection via www access do works.. what else I can do ? :I already several times deinstal/clean registry, clean directories etc..nothing helps
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
