Windows GlobalProtect App is not doing Custom HIP check and GP App Logs show "EVP_DecryptFinal_ex failed" log
4939
Created On 03/26/24 21:16 PM - Last Modified 03/26/24 21:18 PM
Symptom
GlobalProtect App fails to collect HIP data about Custom Checks
Computer name and Username are the same
PanGpHip.log shows
(P13696-T22624)Info ( 582): 03/20/24 14:55:50:839 EVP_DecryptFinal_ex failed (P13696-T22624)Error( 580): 03/20/24 14:55:50:839 pan_read_text_from_file(): Failed to decrypt file C:\Program Files\Palo Alto Networks\GlobalProtect\HipPolicy.dat (P13696-T22624)Debug( 232): 03/20/24 14:55:50:839 Cannot restore hip policy from file HipPolicy.dat. ... ... (P13696-T22624)Debug( 300): 03/20/24 14:55:50:839 Computer domain is ... (P13696-T22624)Debug( 29): 03/20/24 14:55:52:854 No custom checks needed
PanGPS.log shows the same Computer name and Username and could also show the EVP_DecryptFinal_ex failed log
(P22684-T14764)Info ( 925): 03/20/24 14:55:07:387 Computer name is PALOALTO, OS version is Microsoft Windows 11 Pro , 64-bit ... (P22684-T23844)Debug( 260): 03/20/24 14:55:07:540 start PanGPA in session 1, logged in user count is 1 (P22684-T23844)Debug( 183): 03/20/24 14:55:07:559 Run cmd C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe fromGPS in session 1 as user (P22684-T23844)Debug( 298): 03/20/24 14:55:09:047 start C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe with returned ID 23900 (P22684-T23844)Debug( 25): 03/20/24 14:55:09:047 create thread 0x504 with thread ID 23920 (P22684-T23844)Debug( 107): 03/20/24 14:55:09:047 start CheckPanGpAgentThread 0x504 with client pid 23900 (P22684-T23920)Info ( 127): 03/20/24 14:55:09:051 CheckPanGpAgentThread: started. (P22684-T23828)Debug(1986): 03/20/24 14:55:09:734 Enforcer,found 0 filter object belonging to us. (P22684-T23828)Debug( 41): 03/20/24 14:55:09:734 Roaming profile is true (P22684-T23828)Error( 145): 03/20/24 14:55:09:808 NetUserGetInfo is NERR_UserNotFound (P22684-T23828)Debug( 167): 03/20/24 14:55:09:808 profileInfo username paloalto, profile path (null), server (null) (P22684-T23828)Error(4031): 03/20/24 14:55:09:830 Failed to get attribute value 'Configurations', error code=0 (P22684-T23828)Debug(4039): 03/20/24 14:55:09:830 CPanMSServiceWin::IsGpDisabledForCurUser() - bGpIsDisabled=0. (P22684-T23828)Info ( 202): 03/20/24 14:55:10:468 New Connection(127.0.0.1:50328) with socket(1380) (P22684-T23828)Debug( 349): 03/20/24 14:55:10:468 Socket is connected by C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe (P22684-T23828)Info ( 582): 03/20/24 14:55:10:705 EVP_DecryptFinal_ex failed (P22684-T23828)Debug( 432): 03/20/24 14:55:10:705 Reinit translate with user context. Try again (P22684-T23828)Debug( 41): 03/20/24 14:55:10:705 Roaming profile is false (P22684-T23828)Debug( 167): 03/20/24 14:55:10:768 profileInfo username paloalto, profile path (null), server (null)
Environment
Windows
GlobalProtect App
HIP Custom Check
Cause
GP App does not get the correct decryption key from Windows OS if the computer and username are the same.
Resolution
Change Computer or Username