GlobalProtect 无法恢复VPN由于 Windows 现代待机而从睡眠中恢复后的隧道。

GlobalProtect 无法恢复VPN由于 Windows 现代待机而从睡眠中恢复后的隧道。

37290
Created On 09/01/21 16:24 PM - Last Modified 03/11/25 05:53 AM


Symptom


  • GlobalProtect 无法恢复VPN从睡眠中恢复或解锁设备后隧道。
  • GlobalProtect 从睡眠中恢复或解锁设备后提示重新验证(连接方法:永远在线)。
下面的 PanGPS 日志是在机器锁定/睡眠期间。
(T3900)Debug( 550): 07/23/20 09:03:13:294 Network is reachable 
(T3900)Debug( 111): 07/23/20 09:03:13:294 connect failed with error 10065(A socket operation was attempted to an unreachable host.) 
(T3900)Debug( 599): 07/23/20 09:03:13:294 Failed to connect to 192.168.10.10 on 4501 with return value -1 and socket error 10065(A socket operation was attempted to an unreachable host.)
(T3900)Info ( 174): 07/23/20 09:03:13:294 failed to connect to ipsec : 192.168.10.10 [4501]
(T3900)Info ( 321): 07/23/20 09:03:13:294 Connecting to 192.168.10.10 failed
(T3900)Debug( 651): 07/23/20 09:03:13:294 Retry connect failed first time     
(T3900)Debug( 550): 07/23/20 09:03:15:303 Network is reachable
(T3900)Debug( 166): 07/23/20 09:03:15:305 Trying to do ipsec connection to 192.168.10.10 [4501]
(T3900)Debug( 550): 07/23/20 09:03:15:310 Network is reachable
(T3900)Debug( 111): 07/23/20 09:03:15:310 connect failed with error 10065(A socket operation was attempted to an unreachable host.)
(T3900)Debug( 599): 07/23/20 09:03:15:310 Failed to connect to 192.168.10.10 on 4501 with return value -1 and socket error 10065(A socket operation was attempted to an unreachable host.)
(T3900)Info ( 174): 07/23/20 09:03:15:310 failed to connect to ipsec : 192.168.10.10[4501]
(T3900)Info ( 321): 07/23/20 09:03:15:310 Connecting to 192.168.10.10 failed
(T3900)Debug( 651): 07/23/20 09:03:15:310 Retry connect failed second time
(T3900)Debug( 550): 07/23/20 09:03:17:312 Network is reachable
(T3900)Debug( 166): 07/23/20 09:03:17:312 Trying to do ipsec connection to 192.168.10.10 [4501]
(T3900)Debug( 550): 07/23/20 09:03:17:314 Network is reachable
(T3900)Info ( 321): 07/23/20 09:03:23:317 Connecting to 192.168.10.10 failed
(T3900)Debug( 651): 07/23/20 09:03:23:317 Retry connect failed third time
(T3900)Debug( 769): 07/23/20 09:03:23:317 Tunnel retry done: failed retry
(T3900)Debug(6450): 07/23/20 09:03:23:318 --Set state to Disconnecting...

 

Environment


  • Windows 10、Windows 10X
  • GlobalProtect
  • 现代待机功能。

Cause


  • 当用户使系统进入睡眠状态(例如,用户按下电源按钮、合上盖子、闲置或从 Windows 开始菜单中的电源按钮选择睡眠)时,新式待机开始。
  • Windows 在现代待机期间暂停所有桌面应用程序并限制第三方系统服务的运行时间。


为了确认机器将现代待机作为睡眠状态,请在命令提示符下运行以下命令:
C:\Users\Alias> powercfg/a
    The following sleep states are available on this system:
    Standby (S0 Low Power Idle) Network Connected <<<---- This output indicates that Modern standby is supported on this device
    Hibernate
    Fast Startup


 

Resolution


GlobalProtect 从 5.1.7+ 和 5.2.4+ 版本开始支持现代待机。 为了避免与现代备用相关的意外断开,建议升级到 5.1.8 或 5.2.7+。 下面解决的问题与现代备用功能有关。
  •  GPC-11638
  •  GPC-12356 
  •  GPC-12266
参考:
解决的问题GlobalProtectApp5.1
中解决的问题GlobalProtectApp5.2

Additional Information


  • GlobalProtect 可以检测机器何时进入和退出现代待机。
  • 如果VPN在计算机进入现代待机状态之前连接中断,GlobalProtect不尝试恢复VPN联系。
  • 一旦机器从现代待机中唤醒,GlobalProtect将随着隧道的恢复而恢复。
  • 如果由于某种原因恢复隧道失败,则:
  1. GlobalProtect 将进行网络发现(始终在线连接方法)。
  2. GlobalProtect 将断开连接(按需连接方法)。

有关 Windows 现代备用的更多详细信息,请参阅:
现代备用关键概念
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004LjpCAE&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language