Step-by-Step: How to configure the GlobalProtect VPN client to connect before logon to Microsoft Windows 10

Body

UPDATE 19 September 2022 - Scroll to the end of this article for instructions on how to resolve an issue with the DUO Authentication screen not populating.

 

Prerequisites: You must have administrator rights on the computer. For the purposes of this article it is presumed that GlobalProtect is already installed and working properly on your computer.


 

1.  Launch a command prompt session with administrator privileges.

 

 

2.  Navigate to C:\Program Files\Palo Alto Networks\GlobalProtect

 

 

3.  Execute the following command:  pangps -registerplap

NOTE:  There is no feedback from the program.

 

 

4. Reboot the computer.

 

5.  Check to see if the process has completed. 

The process is completed when one sees the GlobalProtect pre-logon icon on the

Windows 10 logon screen.  In experimentation, I discovered that on some computers it seems the process is completed after the first reboot. 

On some other computers, it took a while before the GlobalProtect pre-logon icon appeared.  There was no consistent number of

reboots or amount of time before the icon appeared.  You'll know the process is complete when you see this on the logon screen:

 

 

6.  Connect GlobalProtect before Windows logon.

Click on he GlobalProtect Windows 10 logon screen icon.

You'll see the message "Connecting"

 

 

After a few seconds, a browser screen opens to the CSM authentication page.

Enter your full email address and password.

 

 

Next, complete the DUO two-factor authentication process.

 

 

After the DUO process completes, the connection attempt begins.

 

 

When the connection is completed you are informed.

Click on the Back button to return to the Windows 10 logon screen.

 

 

8.  You can now logon with your ADIT credentials.

 


UPDATE: September 22, 2022

If the DUO multi-factor authentication screen does not populate after you submit your Mines credentials, do the following:

Paste the following text into Notepad and save as GPLOGIN.reg.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\CBL]
"TrustedIdPDomains"="api-67a3278b.duosecurity.com"

Then, double-click your mouse on the GPLOGIN.reg file and you'll be prompted to import it into your Windows registry.

After rebooting, the issue should be resolved. 


2022.09.19 - Revised - dkearney

2022.03.30 - Revised - dkearney

2021.11.15 - dkearney

Details

Details

Article ID: 136822
Created
Mon 11/15/21 3:54 PM
Modified
Mon 10/17/22 5:31 PM