- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-23-2024 10:03 AM
Hi Community,
We’re encountering an issue with our Windows-based User ID Agent installed on the server. Specifically, we're receiving the error message: "Failed to validate client certificate: No connection found."
Here’s what we’ve tried so far to resolve the issue:
Verified Certificate Locations:
Checked Device > User Identification > Connection Security and confirmed there is no certificate present.
Verified that no certificate exists in the User ID Agent itself.
Reviewed the User-ID agent configuration file and found no certificates there.
Troubleshooting Steps Taken:
Attempted to upgrade the User ID Agent.
Reinstalled the User ID Agent.
Despite these efforts, the issue persists. We’re looking for any additional suggestions or insights from the community that might help us resolve this problem.
If anyone has encountered a similar issue or has ideas on what we might have missed, your advice would be greatly appreciated!
Thank you in advance for your help.
What certificate it might be referring to ? any ideas ?
08-26-2024 02:53 AM - edited 08-26-2024 02:54 AM
Hello,
Same issue here, we had to add ans delete certificate for User-ID feature.
Then it reworks.
10-15-2024 06:14 AM
After upgrading to 10.1.12 User id agent we are seeing this error previously we never used certificate on the user id agent. Is there any way without installing the ssl certificate on user id agent and FIrewall?
11-11-2024 01:07 AM
Hi, I am wondering if your firewall needs an update. There are issues relating to the embedded certificate expiry as detailed in this knowledge base article:-
11-12-2024 12:40 AM
Hello,
Finally I've found another workaround that is more simple : "just" uncheck "Enabled" and then re-check "Enabled" under "Data Redistribution / Agent".
Regards,
11-19-2024 10:15 AM
My firewall version is up to date (according to directives regarding the User-ID certificate issue) and I installed version 11.0.1-104 of the Agent, which was supposed to resolve the situation. However, I still encountered an invalid certificate error when starting the Agent.
I even created a custom certificate, set up a certificate profile to assign to User-ID on the firewall, and then imported the certificate into the Agent, but it didn’t work.
The issue was only resolved with your tip to uncheck "Enabled", commit, check "Enabled" again, and commit once more. (At this point, I had already given up on trying to use a custom certificate.)
Thank you very much! 😊
12-13-2024 01:40 PM
This resolved my issue as well- thanks!
12-16-2024 12:21 AM
Hi all,
To Palo Alto support : this issue has been encountered this morning again following weekly reboot of our server which houses User-ID agent.
Same workaround as described. But is a fix for that be scheduled ?
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!