GlobalProtect Client is not Connecting

GlobalProtect Client is not Connecting

371320
Created On 09/25/18 20:40 PM - Last Modified 04/29/20 16:34 PM


Symptom


GlobalProtect client is not able to connect.

Environment


  • Pan-OS
  • Global Protect

Cause


This indicates a problem with the PanGPA service's connection to the PanGPS service on the same workstation.
 

Troubleshooting/Verification

The following log can be found in PanGPA.log on the client machine:

 

P 195-T519 Oct 09 18:02:17:24315 Info ( 83): Failed to connect to server at port:4767

P 195-T519 Oct 09 18:02:17:24325 Info ( 460): Cannot connect to service, error: 61

P 195-T519 Oct 09 18:02:17:24330 Debug( 742): Unable to connect to service

 

The PanGPS service should be listening on localhost port 4767. To verify, run either of the following commands:

 

  • For Macs perform the following (Via Terminal):
netstat -an | grep 4767

tcp4 0 0 127.0.0.1.4767 *.* LISTEN

 

  • For Windows, perform the following (Via CLI):
netstat -an | find "4767"

TCP    127.0.0.1:4767         0.0.0.0:0              LISTENING

Resolution


Resolution

If there is no active listener on port 4767, the service didn't start properly. Refer to the PanGPS.log for more information as to why or investigate other custom OS changes that could cause conflict.

 

If there is a listener, try connecting to the port by using the telnet command: telnet 127.0.0.1:4767

If telnet is unsuccessful, check the local firewall for dropped traffic. The workstation's firewall can also be disabled temporarily for testing.

 

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clk6CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language