Cannot install Machine Certificate for GP Pre-logon

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cannot install Machine Certificate for GP Pre-logon

L4 Transporter

I encountered a problem installing the machine certificate.


I followed the article below:
We are using a self-signed root ca that is in the cert profile for auth, then generated the server cert and machine cert and signed them with the same root. Then export as pks12.
In the Certificate Profile, I changed the Username Field type from 'None' to 'Subj'.
Made sure I selected the Computer account (default is user account) and cert is in folder "Personal" there.
Tried the MS fix but no luck.
Please help!

Accepted Solutions

I cannot really tell without seeing your complete setup but it may be that as you included the certificate in the profile, GP was seeing pre-logon as a separate user rather than just a pre-logon user.


View solution in original post


L7 Applicator

Hi @FarzanaMustafa .

have you tried to install the same certificate into the user personal store of the same device or into another device that is not controlled by group policy etc.


this will not fix the issue but you need to first discover if this is a problem with the certificate or the installation process.


has your root CA been used to generate other successful client auth certs?

@MickBall Thank you so much for your guidance.


The Gateway is now working. Any idea how to check evidence of client cert checks being performed? ie. 

How can I validate if the user is authenticated with the pre-logon feature?

check the gateway current users. add "pre" to the search, this is what you will se before the user connects.

you can also check the previous user tab with pre.




Hi @MickBall 


Sorry for the delayed response and thank you once again for your great inputs.


When I'm logged out from the workstation the pre-logon user is not showing in the gateway. I can see it in the Previous User tab.

However, on the KB article of PA it says:
Could you please endorse my concern with the relevant PA Team?
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!