Blue Screen of Death on Global Protect Client Driver
34838
Created On 02/04/19 19:53 PM - Last Modified 04/01/24 07:44 AM
Symptom
- Deploying new Windows 10 machines experiencing BSOD due to pangpd.sys driver
- Stack trace on memory dump shows Verifier enabled for pangpd.sys :
ffffb385`74e87230 fffff800`51922ddf : 00000000`00000301 00000000`000003cc 00000000`00000000 fffff801`750bd8f7 : VerifierExt!XdvUnifiedBugCheck+0x359 ffffb385`74e872b0 fffff800`51922e20 : ffff9466`42df56f4 00000000`00000000 00000000`00400000 00000000`00000000 : VerifierExt!SLIC_ObReferenceObjectByHandle_entry_IrqlObPassive+0x33 ffffb385`74e872f0 fffff801`750c8a1b : 00000000`000003cc ffffb385`74e87560 00000000`00000000 00000000`00000000 : VerifierExt!ObReferenceObjectByHandle_wrapper+0x30 ffffb385`74e87330 fffff800`539b5682 : ffffb987`b86c7e20 ffffb385`74e87560 ffffb987`b86c7cd0 00000000`00000000 : nt!VerifierObReferenceObjectByHandle+0x3b
OR
- Dump shows BUGCODE_NDIS_DRIVER_LIVE_DUMP (15e) pointing to Miniport adapter
Environment
- Upgrading to GP client latest version 4.1.9 where issue still persists.
- Client devices loading Windows 10 OS.
Cause
- GP driver is not compatible with Microsoft Verifier & Device Guard (Windows 10).
- Engineering team confirmed that blue screen happens when driver verifier is enabled.
- With reference to host running Device Guard, memory dump showing error BUGCODE 0x15E, subcode 0x30 implies GP driver has not returned a NBL back to the stack for some time.
- Current GP driver was developed before Windows 8 and there was no Device Guard compatibility support at that time; so it is too old to pass these kinds of tests.
Resolution
- Issue will be fixed with future release of Global Protect client currently targeted in v5.1 (contains new updated miniport driver.)
- The workaround until the release of GP client v5.1 is to disable Device Guard on Windows 10 client devices.
- If a MS Verifier run is required to check other drivers, run admin command "sc stop PanGPS" to stop GP client.
Additional Information
The release of GP client version 5.1 is currently unknown requiring extensive QA cycles for thorough testing.