How to fix GP error "return error code = 10061"
130749
Created On 04/27/20 21:54 PM - Last Modified 03/11/25 03:54 AM
Objective
User can not connect to the Globalprotect portal with connection refused error:
GpA logs showed :
(T11360) 03/31/20 16:16:33:878 Error( 234): CPanSocket::OnClose - receive close info 10053, close the socket. (T11360) 03/31/20 16:16:34:540 Info ( 243): InitWinConnection ... (T11360) 03/31/20 16:16:34:541 Info ( 253): Connecting to Pan MS Service end (T11360) 03/31/20 16:16:36:543 Debug( 255): CPanSocket::onConnect - return error code = 10061. (T11360) 03/31/20 16:16:39:538 Info ( 243): InitWinConnection ... (T11360) 03/31/20 16:16:39:539 Info ( 253): Connecting to Pan MS Service end (T11360) 03/31/20 16:16:41:542 Debug( 255): CPanSocket::onConnect - return error code = 10061.
Environment
- Pan-Os
- Global Protect
- Windows
Procedure
The 10061 is a winsock connection error meaning the connection was refused. No connection could be made because the target machine actively refused it. This usually results from trying to connect to a service that is inactive on the foreign host i.e. one with no server application running.
Here is some useful Troubleshooting steps:
1- Make sure port 4767 is open. PanGPS service should be listening on localhost port 4767. To check run the command on windows PC:
Netstat -an | find "4767" The output should be as below for example: TCP 127.0.0.1:4767 0.0.0.0:0 LISTENING TCP 127.0.0.1:4767 127.0.0.1:49779 ESTABLISHED TCP 127.0.0.1:49779 127.0.0.1:4767 ESTABLISHED
2- If device can listen to this port , please disabled the Antivirus application and firewall on the client machine, and test the connection .
3- If you still having the issue , please remove/uninstall and install GlobalProtect again:
1-Disable WMI services : run - services.msc - Windows Management Instrumentation(WMI) - stop the service. 2-Delete the files under C:\Windows\System32\wbem\Repository 3-Open regedit: Go to HKEY_LOCAL_MACHINE > Software and HKEY_CURRENT_USER > Software. Delete the Palo Alto Networks folder. Delete the same if the same folder is present in any other user under HKEY_USERS. 4-Un-install GlobalProtect from Windows 'program and features'. 5-Make sure that the virtual adapter in not present in the Network adapter settings. 6-Reboot the machine. 7-Reinstall GlobalProtect with admin privileges. 8-Confirm that WMI service is running.