Authentication Failure at Home Network


L0 Member

My authentication works correctly on the office network, but it does not work on my home network. LAN cable, Wi-Fi and mobile hotspot do not work at all.

I did drop a mail from my official email id, somebody please help.


Community Team Member

Hi @omkar15525,

Can you provide more info? Guessing you're talking about Prisma Access Agent?

Did you check your agent logs to see exactly where the connection is breaking?

When you have a moment on your home network, please pull the logs and verify if you have more info in there.

When the connection fails at home, what exact message does the agent display? (e.g., "Connecting..." indefinitely, "Gateway not reachable," "Invalid username or password," or a specific certificate error?)

Kind regards,

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

I see the error as: Couldnt Query the server certificate chain. This could be due to network configuration decrypting the SSL connection between this machine and the server agents.den.prismaaccess.com (12019)

Community Team Member

Hi @omkar15525,

The error 12019 indicates that the client certificate authentication process is failing. The gateway is requesting a client certificate, but it cannot be found, accessed, or successfully validated over your home network.

Since this works on the office network, please verify the client certificate configuration using this guide: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFoCAK

Before modifying anything, I recommend opening a support case with TAC and providing your GlobalProtect logs so they can identify the exact certificate error or missing chain component without you needing to guess.

I've seen scenarios where duplicate certificate entries in the store cause this exact issue. For pre-logon connections, if multiple matching certificates exist (e.g., an expired one or one with a missing key associated with the cert), PanGPS will pick the first match it finds. If you locate invalid duplicates via certutil that aren't showing up in the MMC graphics window, you can clean them out of the registry.

Check the MMC on the PC and make sure to have the valid certificate installed in the Machine store with its private key. If you are sure that the certificate is valid and the key exists, dump the whole machine certificate store with certutil to see if there are any duplicates that could be the cause of the issue.

If such certificates are seen in the certutil output and registry but not on MMC, delete the unnecessary ones from the registry and leave only the one which is intended for pre-logon certificate authentication. Don't make any changes for any other certificates which might be used for other purposes!

Note: Modifying the Windows Registry and deleting certificate objects carries a risk of breaking other system functionalities or authentication mechanisms. If you are not an administrator, then please forward this information to your internal IT Helpdesk or an administrator to assist you with the cleanup, if needed.

Ultimately, with the lack of current information it's impossible for me to be sure what the issue is. Please prioritize opening a support case first. Having TAC analyze the log package is the safest step to pinpoint the exact failure before doing any manual registry or certificate troubleshooting.

Best regards,

LIVEcommunity team member, CISSP
Cheers,
Kiwi
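A read-only way to carry out the machine store check described in the reply above, as an added example that is not part of the original post and is not Palo Alto Networks tooling: it lists the Local Machine personal store, flags expired certificates and certificates without a private key, and groups duplicate candidates. Treating "same subject and issuer" as a duplicate, assuming the pre-logon certificate lives in the Personal (`My`) store, and the output file name are assumptions of this example.

```powershell
# Added example: read-only audit of the Local Machine "Personal" store.
# Nothing here deletes or modifies a certificate or a registry value.
# Run from an elevated PowerShell prompt on the affected Windows PC.

$now   = Get-Date
$certs = Get-ChildItem -Path Cert:\LocalMachine\My

# One row per certificate with the properties that matter when a client
# certificate is selected: validity window and private key presence.
$report = foreach ($c in $certs) {
    $problems = @()
    if ($c.NotAfter  -lt $now) { $problems += 'expired' }
    if ($c.NotBefore -gt $now) { $problems += 'not yet valid' }
    if (-not $c.HasPrivateKey) { $problems += 'no private key' }

    [pscustomobject]@{
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        # False also covers certificates with no EKU extension at all,
        # which Windows treats as valid for every purpose.
        ClientAuth = [bool]($c.EnhancedKeyUsageList |
                         Where-Object { $_.ObjectId -eq '1.3.6.1.5.5.7.3.2' })
        Problems   = $problems -join ', '
    }
}

# Assumption: certificates sharing subject and issuer are duplicate candidates.
$duplicates = $report | Group-Object Subject, Issuer | Where-Object Count -gt 1

"Certificates in LocalMachine\My: $(@($report).Count)"
$report | Sort-Object Subject, NotAfter | Format-Table -AutoSize -Wrap | Out-String

if ($duplicates) {
    'Subject/issuer pairs with more than one certificate:'
    foreach ($g in $duplicates) {
        $g.Group | Format-Table Subject, Thumbprint, NotAfter, Problems -AutoSize | Out-String
    }
} else {
    'No duplicate subject/issuer pairs found.'
}

# Raw certutil dump of the same store, for comparison with the table above
# and for attaching to a support case. The file name is a placeholder.
certutil -store My | Out-File -FilePath "$env:TEMP\machine-my-store.txt"
```

Entries that appear in the certutil dump but not in the table or in MMC are the ones the reply refers to; the script only reports them and leaves any cleanup to an administrator.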