Single Sign-On (SSO) for GlobalProtect Fails from Virtualized Systems on VMware Accessed via RDP

Single Sign-On (SSO) for GlobalProtect Fails from Virtualized Systems on VMware Accessed via RDP

12856
Created On 09/26/18 13:49 PM - Last Modified 02/07/19 23:46 PM


Resolution

Issue

Single Sign-On (SSO) fails when using GlobalProtect (GP) on a Windows system running in a VMware virtualized environment when accessed with Remote Desktop.

Cause

When logged on to a VM via Remote Desktop, local credentials are not presented in the same way as a native operating system, due to the way authentication credential handling occurs in RDP. This may cause SSO to fail with an empty user and domain.

After enabling debug logs on Global Protect, the following log may be seen:

Debug(11600): "___empty_username___" and empty cc user name

Workaround

Log onto the virtualized OS locally (such as via VMWare Player).

If RDP must be used:

GlobalProtect can save credentials that are manually entered.

  1. Open GlobalProtect
  2. Click View > Advanced View
  3. Go to the Settings tab and enter user credentials
  4. Select the "Remember Me" check box

owner: gwesson



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clr4CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language