"Failed to Validate Client Certificate" Error with User ID Agent


L1 Bithead

Hi Community,

We’re encountering an issue with our Windows-based User ID Agent installed on the server. Specifically, we're receiving the error message: "Failed to validate client certificate: No connection found."

Here’s what we’ve tried so far to resolve the issue:

  1. Verified Certificate Locations:

    • Checked Device > User Identification > Connection Security and confirmed there is no certificate present.

    • Verified that no certificate exists in the User ID Agent itself.

    • Reviewed the User-ID agent configuration file and found no certificates there.

  2. Troubleshooting Steps Taken:

    • Attempted to upgrade the User ID Agent.

    • Reinstalled the User ID Agent.

Despite these efforts, the issue persists. We’re looking for any additional suggestions or insights from the community that might help us resolve this problem.

If anyone has encountered a similar issue or has ideas on what we might have missed, your advice would be greatly appreciated!

Thank you in advance for your help.

What certificate might it be referring to? Any ideas?

7 REPLIES 7

L1 Bithead

Hello,

 

Same issue here; we had to add and delete a certificate for the User-ID feature.

Then it works again.

 

https://live.paloaltonetworks.com/t5/general-topics/user-id-connection-security-won-t-work/td-p/3521...

 

L4 Transporter

After upgrading to the 10.1.12 User-ID agent we are seeing this error; previously we never used a certificate on the User-ID agent. Is there any way to do this without installing the SSL certificate on the User-ID agent and firewall?

L0 Member

Hi, I am wondering if your firewall needs an update. There are issues relating to the embedded certificate expiry, as detailed in this knowledge base article:

After upgrade of User-id agent, the firewall gets disconnected ... - Knowledge Base - Palo Alto Netw...

 

Hello,

Finally, I've found another workaround that is simpler: "just" uncheck "Enabled" and then re-check "Enabled" under "Data Redistribution / Agent".

 

Regards,

My firewall version is up to date (according to directives regarding the User-ID certificate issue) and I installed version 11.0.1-104 of the Agent, which was supposed to resolve the situation. However, I still encountered an invalid certificate error when starting the Agent.

I even created a custom certificate, set up a certificate profile to assign to User-ID on the firewall, and then imported the certificate into the Agent, but it didn’t work.

The issue was only resolved with your tip to uncheck "Enabled", commit, check "Enabled" again, and commit once more. (At this point, I had already given up on trying to use a custom certificate.)

Thank you very much! 😊

This resolved my issue as well - thanks!

Hi all,

 

To Palo Alto support: this issue was encountered again this morning following the weekly reboot of our server which houses the User-ID agent.

Same workaround as described. But is a fix for that scheduled?

Regards,
