GlobalProtect Client is not Connecting

GlobalProtect Client is not Connecting

151171
Created On 09/25/18 20:40 PM - Last Updated 04/29/20 16:34 PM


Symptom
GlobalProtect client is not able to connect.

Environment
  • Pan-OS
  • Global Protect


Cause
This indicates a problem with the PanGPA service's connection to the PanGPS service on the same workstation.
 

Troubleshooting/Verification

The following log can be found in PanGPA.log on the client machine:

 

P 195-T519 Oct 09 18:02:17:24315 Info ( 83): Failed to connect to server at port:4767

P 195-T519 Oct 09 18:02:17:24325 Info ( 460): Cannot connect to service, error: 61

P 195-T519 Oct 09 18:02:17:24330 Debug( 742): Unable to connect to service

 

The PanGPS service should be listening on localhost port 4767. To verify, run either of the following commands:

 

  • For Macs perform the following (Via Terminal):
netstat -an | grep 4767

tcp4 0 0 127.0.0.1.4767 *.* LISTEN

 

  • For Windows, perform the following (Via CLI):
netstat -an | find "4767"

TCP    127.0.0.1:4767         0.0.0.0:0              LISTENING


Resolution

Resolution

If there is no active listener on port 4767, the service didn't start properly. Refer to the PanGPS.log for more information as to why or investigate other custom OS changes that could cause conflict.

 

If there is a listener, try connecting to the port by using the telnet command: telnet 127.0.0.1:4767

If telnet is unsuccessful, check the local firewall for dropped traffic. The workstation's firewall can also be disabled temporarily for testing.

 

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clk6CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language