Windows GlobalProtectアプリがカスタムHIPチェックを行っておらず、GPアプリログに「EVP_DecryptFinal_ex失敗」ログが表示される
4943
Created On 03/26/24 21:16 PM - Last Modified 05/07/24 13:56 PM
Symptom
GlobalProtectアプリは、カスタムチェック
に関するHIPデータの収集に失敗します コンピュータ名とユーザー名が同じ
PanGpHip.logショー
(P13696-T22624)Info ( 582): 03/20/24 14:55:50:839 EVP_DecryptFinal_ex failed (P13696-T22624)Error( 580): 03/20/24 14:55:50:839 pan_read_text_from_file(): Failed to decrypt file C:\Program Files\Palo Alto Networks\GlobalProtect\HipPolicy.dat (P13696-T22624)Debug( 232): 03/20/24 14:55:50:839 Cannot restore hip policy from file HipPolicy.dat. ... ... (P13696-T22624)Debug( 300): 03/20/24 14:55:50:839 Computer domain is ... (P13696-T22624)Debug( 29): 03/20/24 14:55:52:854 No custom checks needed
PanGPS.log には、同じコンピューター名とユーザー名が表示され、EVP_DecryptFinal_ex失敗したログも表示される可能性があります
(P22684-T14764)Info ( 925): 03/20/24 14:55:07:387 Computer name is PALOALTO, OS version is Microsoft Windows 11 Pro , 64-bit ... (P22684-T23844)Debug( 260): 03/20/24 14:55:07:540 start PanGPA in session 1, logged in user count is 1 (P22684-T23844)Debug( 183): 03/20/24 14:55:07:559 Run cmd C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe fromGPS in session 1 as user (P22684-T23844)Debug( 298): 03/20/24 14:55:09:047 start C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe with returned ID 23900 (P22684-T23844)Debug( 25): 03/20/24 14:55:09:047 create thread 0x504 with thread ID 23920 (P22684-T23844)Debug( 107): 03/20/24 14:55:09:047 start CheckPanGpAgentThread 0x504 with client pid 23900 (P22684-T23920)Info ( 127): 03/20/24 14:55:09:051 CheckPanGpAgentThread: started. (P22684-T23828)Debug(1986): 03/20/24 14:55:09:734 Enforcer,found 0 filter object belonging to us. (P22684-T23828)Debug( 41): 03/20/24 14:55:09:734 Roaming profile is true (P22684-T23828)Error( 145): 03/20/24 14:55:09:808 NetUserGetInfo is NERR_UserNotFound (P22684-T23828)Debug( 167): 03/20/24 14:55:09:808 profileInfo username paloalto, profile path (null), server (null) (P22684-T23828)Error(4031): 03/20/24 14:55:09:830 Failed to get attribute value 'Configurations', error code=0 (P22684-T23828)Debug(4039): 03/20/24 14:55:09:830 CPanMSServiceWin::IsGpDisabledForCurUser() - bGpIsDisabled=0. (P22684-T23828)Info ( 202): 03/20/24 14:55:10:468 New Connection(127.0.0.1:50328) with socket(1380) (P22684-T23828)Debug( 349): 03/20/24 14:55:10:468 Socket is connected by C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe (P22684-T23828)Info ( 582): 03/20/24 14:55:10:705 EVP_DecryptFinal_ex failed (P22684-T23828)Debug( 432): 03/20/24 14:55:10:705 Reinit translate with user context. Try again (P22684-T23828)Debug( 41): 03/20/24 14:55:10:705 Roaming profile is false (P22684-T23828)Debug( 167): 03/20/24 14:55:10:768 profileInfo username paloalto, profile path (null), server (null)
Environment
Windows
GlobalProtect App
HIP カスタム チェック
Cause
GP Appは、コンピューターとユーザー名が同じ場合、Windows OSから正しい復号化キーを取得しません。
Resolution
コンピュータまたはユーザ名を変更する