upgraded macOS to Big Sur and users cannot connect to globalprotect

cancel
Showing results for 
Search instead for 
Did you mean: 

upgraded macOS to Big Sur and users cannot connect to globalprotect

L3 Networker

Dear Community!

 

We have upgraded the macOS to Big Sur and the users fail to connect to the GP gateway due to server cert verification failed

 

P 474-T17783 08/16/2021 14:25:34:351 Debug(1042): Trust evaluation properties (
        {
        error = "Host name mismatch";
        title = "xyz.xyz.xyz.xyz";
    }
)

 

P 474-T17783 08/16/2021 14:25:34:351 Debug(1041): Hostname xyz.xyz.xyz.xyz doesn't match sub alt name or no sub alt name, fallback to CN
P 474-T17783 08/16/2021 14:25:34:351 Debug(1077): Hostname xyz.xyz.xyz.xyz match xyz.xyz.xyz.xyz

.............

P 474-T17783 08/16/2021 14:25:34:353 Debug(1042): Trust evaluation properties (
        {
        error = "CSSMERR_TP_CERT_SUSPENDED";
        title = "xyz.xyz.xyz.xyz";

    }
)

P 474-T17783 08/16/2021 14:25:34:353 Error( 667): Server trust evalutaion failed: 5

..................

P 474-T19519 08/16/2021 14:25:34:353 Error( 532): Connection error Error Domain=NSURLErrorDomain Code=-999 "cancelled"

..............

P 474-T19519 08/16/2021 14:25:34:353 Debug( 482): error detail is Server cert verification failed

..............

P 474-T19519 08/16/2021 14:25:34:353 Debug(5567): Show Gateway Ext-GW: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect

 

I have read the following article:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HB5rCAG

 

But GP was working fine with macOS 10.15 having the same certificates.

 

+ Did you expierence the same issue with Big Sur?

 

Thank you!

 

1 REPLY 1

L3 Networker

Hi

 

Please verify that the certificates do not exceed 825 days validity (from not-before until not-after).

Reference:

https://support.apple.com/en-us/HT210176

 

I've had this happen for 2 customers 😞

Shai

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!