topic GlobalProtect Connection Failed for Some Client Certificate Users in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-connection-failed-for-some-client-certificate/m-p/568094#M4691 <P>We have several GlobalProtect gateways using LDAP and client certificate for authentication. A few users have reported receiving the "Connection Failed. Gateway x: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect". This is received for all gateways. The users are Windows 10 users who have valid client certificates and the gateway Globalprotect log shows no attempted connections to the gateway by the affected users.</P> <P>After checking the GP client PanGPA.log, the following was found: ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY. In checking certmgr.msc, the client certificate reports that the private key exists. I found references to this error after Windows 11 upgrades, but these users did not upgrade. The recommended fix was to remove the client cert and reissue it. We found that this does resolve the problem. After deleting the client cert and reissuing it, the user can successfully connect to GlobalProtect.</P> Fri, 01 Dec 2023 23:00:51 GMT peppywoll 2023-12-01T23:00:51Z GlobalProtect Connection Failed for Some Client Certificate Users https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-connection-failed-for-some-client-certificate/m-p/568094#M4691 <P>We have several GlobalProtect gateways using LDAP and client certificate for authentication. A few users have reported receiving the "Connection Failed. Gateway x: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect". This is received for all gateways. The users are Windows 10 users who have valid client certificates and the gateway Globalprotect log shows no attempted connections to the gateway by the affected users.</P> <P>After checking the GP client PanGPA.log, the following was found: ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY. In checking certmgr.msc, the client certificate reports that the private key exists. I found references to this error after Windows 11 upgrades, but these users did not upgrade. The recommended fix was to remove the client cert and reissue it. We found that this does resolve the problem. After deleting the client cert and reissuing it, the user can successfully connect to GlobalProtect.</P> Fri, 01 Dec 2023 23:00:51 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-connection-failed-for-some-client-certificate/m-p/568094#M4691 peppywoll 2023-12-01T23:00:51Z