Why GlobalProtect authentication request is not sent to the next server listed in a radius server profile
Question
Why is an authentication request for a GlobalProtect connection not sent to the next server listed in the authentication server profile?
In the authd logs, it can be seen that the authentication request sent to the first RADIUS server times out and the subsequent request is not sent to the next server listed in the server profile, resulting in authentication failure.
Below is a sample output from authd logs using radius server in the authentication profile "radius":
> tail follow yes mp-log authd.log
2019-12-03 00:10:42.447 -0800 debug: _authenticate_initial(pan_auth_state_engine.c:2371): Trying to authenticate (init auth): <profile: "radius", vsys: "vsys1", policy: "", username "xxxx"> ; timeout setting: 25 secs ; authd id: 6761196628998095063
2019-12-03 00:10:42.448 -0800 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1817): Authenticating user "xxx" with <profile: "radius", vsys: "vsys1">
2019-12-03 00:10:42.448 -0800 debug: pan_authd_radius_create_req_payload(pan_authd_radius.c:230): username: xxxx
2019-12-03 00:10:42.448 -0800 debug: pan_make_radius_request_buf(pan_authd_radius_prot.c:390): RADIUS request type: PAP
2019-12-03 00:11:07.815 -0800 debug: pan_auth_response_process(pan_auth_state_engine.c:4523): Auth FAILED for user "xxxx" thru <"radius", "vsys1">: remote server 172.16.59.35 of server profile "radius" is down, or in retry interval, or request timed out (elapsed time 25 secs, max allowed 25 secs)
2019-12-03 00:11:07.815 -0800 debug: _log_auth_respone(pan_auth_server.c:268): Sent PAN_AUTH_FAILURE auth response for user 'xxxx' (exp_in_days=0 (-1 never; 0 within a day))(authd_id: 6761196628998095063) (return domain 'xxxx')
Environment
The radius server profile used in the GlobalProtect authentication profile has multiple servers listed.
GP Portal:
Authentication profile:
Radius server profile:
Answer
The above behavior is seen because the default GlobalProtect timeout is 30 seconds, which in turn makes the default authentication timeout 25 seconds.
The authentication timeout is calculated as (GlobalProtect timeout - 5).
The GlobalProtect timeout should be the same as or greater than the total time that any server profile allows for connection attempts. The total time for a server profile is the timeout value multiplied by the number of retries and by the number of servers, plus the first attempt's timeout.
The RADIUS server profile from the previous section has a total timeout value of 63 seconds ((7x4x2)+7).
Use the commands below to increase the GlobalProtect timeout to 65 seconds in order to allow authentication to continue with the second server:
# set deviceconfig setting global-protect timeout ?
<value> <3-150> timeout in seconds for global-protect gateways
# set deviceconfig setting global-protect timeout 65
# commit
# show deviceconfig setting global-protect
global-protect {
  timeout 65;
}
The authentication timeout increases to 60 seconds.
After the first authentication request times out, authentication continues with the second server and does not result in PAN_AUTH_FAILURE.
Below is a sample output from authd logs using RADIUS after the change:
debug: _authenticate_initial(pan_auth_state_engine.c:2371): Trying to authenticate (init auth): <profile: "radius", vsys: "vsys1", policy: "", username "xxxx"> ; timeout setting: 60 secs ; authd id: 6761196628998095076
debug: pan_auth_response_process(pan_auth_state_engine.c:4523): Auth FAILED for user "xxxx" thru <"radius", "vsys1">: remote server 172.16.59.35 of server profile "radius" is down, or in retry interval, or request timed out (elapsed time 39 secs, max allowed 60 secs)
debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1817): Authenticating user "xxxx" with <profile: "radius", vsys: "vsys1">
debug: pan_authd_radius_create_req_payload(pan_authd_radius.c:230): username: xxxx
debug: pan_make_radius_request_buf(pan_authd_radius_prot.c:390): RADIUS request type: PAP
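The following is an added example (not part of the original article or of PAN-OS) that applies the sizing rule above: it computes a server profile's total time with the article's formula, reads the authd timeout setting from the authd log, and reports whether the derived GlobalProtect timeout is large enough for authentication to fail over to the next server. The two log excerpts are constructed to mirror the article's before/after output; the function and variable names are this example's own.

```python
import re

# Constructed authd excerpts modelled on the article's output (not real captures).
LOG_BEFORE = """\
debug: _authenticate_initial(pan_auth_state_engine.c:2371): Trying to authenticate (init auth): <profile: "radius", vsys: "vsys1"> ; timeout setting: 25 secs ; authd id: 1
debug: pan_auth_response_process(pan_auth_state_engine.c:4523): Auth FAILED for user "xxxx": remote server 172.16.59.35 of server profile "radius" is down, or in retry interval, or request timed out (elapsed time 25 secs, max allowed 25 secs)
"""
LOG_AFTER = """\
debug: _authenticate_initial(pan_auth_state_engine.c:2371): Trying to authenticate (init auth): <profile: "radius", vsys: "vsys1"> ; timeout setting: 60 secs ; authd id: 2
debug: pan_auth_response_process(pan_auth_state_engine.c:4523): Auth FAILED for user "xxxx": remote server 172.16.59.35 of server profile "radius" is down, or in retry interval, or request timed out (elapsed time 39 secs, max allowed 60 secs)
"""

GP_TIMEOUT_MARGIN = 5            # authd timeout = GlobalProtect timeout - 5 (article)
GP_TIMEOUT_MIN, GP_TIMEOUT_MAX = 3, 150  # range shown by the CLI help in the article

def profile_total_seconds(timeout, retries, servers):
    """Article's formula: timeout x retries x servers, plus the first attempt's timeout."""
    return timeout * retries * servers + timeout

def minimum_gp_timeout(timeout, retries, servers):
    """Smallest GlobalProtect timeout that is >= the profile's total time (article's rule)."""
    total = profile_total_seconds(timeout, retries, servers)
    if total > GP_TIMEOUT_MAX:
        raise ValueError(f"profile needs {total}s, above the {GP_TIMEOUT_MAX}s CLI maximum")
    return max(total, GP_TIMEOUT_MIN)

_TIMEOUT_RE = re.compile(r"timeout setting: (\d+) secs")
_FAIL_RE = re.compile(r"request timed out \(elapsed time (\d+) secs, max allowed (\d+) secs\)")

def diagnose(log_text, timeout, retries, servers):
    """Read the authd timeout from the log and say whether the budget covers failover."""
    m = _TIMEOUT_RE.search(log_text)
    if not m:
        return None                      # no "_authenticate_initial" line found
    authd_timeout = int(m.group(1))
    gp_timeout = authd_timeout + GP_TIMEOUT_MARGIN   # invert the article's relation
    total = profile_total_seconds(timeout, retries, servers)
    # Budget exhausted when a timeout failure reports elapsed time at the maximum.
    exhausted = any(int(e) >= int(mx) for e, mx in _FAIL_RE.findall(log_text))
    return {
        "authd_timeout": authd_timeout,
        "gp_timeout": gp_timeout,
        "profile_total": total,
        "covers_failover": gp_timeout >= total,
        "budget_exhausted": exhausted,
        "minimum_gp_timeout": minimum_gp_timeout(timeout, retries, servers),
    }
```

For the article's profile (timeout 7, 4 retries, 2 servers) the "before" log yields a 30-second GlobalProtect timeout against a 63-second profile, and the "after" log yields 65 against 63, matching the article's fix.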
Additional Information
The GlobalProtect default timeout cannot be seen using the command below unless the value has been modified or reset to the default value again:
# show deviceconfig setting global-protect