Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic


L0 Member


Hi all,


I deployed the GP agent and user was authenticated by client certificate, most users wroks, but some users cannot pass the authentication and get the following error messages in PanGPA.log:


(T1356) 06/08/18 13:39:53:722 Info (2559): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, this=0000029E2C99C820)
(T1356) 06/08/18 13:39:53:722 Debug(2640): WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, error=12186, result=5, dwCertificateError=0
(T9076) 06/08/18 13:39:53:816 Info (1465): winhttpObj, get WINHTTP_CALLBACK_STATUS_REQUEST_ERROR
(T9076) 06/08/18 13:39:53:816 Info (1032): Server cert query failed with error 12019
(T9076) 06/08/18 13:39:53:816 Error(1494): error = ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY
(T9076) 06/08/18 13:39:53:816 Debug(1576): winhttpObj, got ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY, clean cert cache now
(T9076) 06/08/18 13:39:53:816 Debug(3610): winhttpobj, cert do not has private key???? clean lastIssuerName now, data = 0000000000000000


GP agent is version 4.0.5, I also checked the certficate is fine and exported with private key, I also reinstall agent and certificate, even install newer GP agent version 4.0.8, but cannot fix it.


Does anyone know how to fix it? or have any suggestion for troubleshooting?


Firewall is running PAN-OS 7.1.15 and GlobalProtect agent 4.0.5 now, I had already opened a case but TAC think it is the operation system problem. All the issue computers are running Windows 10, client certificate is a sha256 (RSA 2048) self-signed certificate.


Thanks a lot and Best Regardss,

Sample Wu


Who Me Too'd this topic