cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

GlobalProtect agent error message "ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY"

L0 Member

 

Hi all,

 

I deployed the GP agent and user was authenticated by client certificate, most users wroks, but some users cannot pass the authentication and get the following error messages in PanGPA.log:

 

(T1356) 06/08/18 13:39:53:722 Info (2559): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, this=0000029E2C99C820)
(T1356) 06/08/18 13:39:53:722 Debug(2640): WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, error=12186, result=5, dwCertificateError=0
(T9076) 06/08/18 13:39:53:816 Info (1465): winhttpObj, get WINHTTP_CALLBACK_STATUS_REQUEST_ERROR
(T9076) 06/08/18 13:39:53:816 Info (1032): Server cert query failed with error 12019
(T9076) 06/08/18 13:39:53:816 Error(1494): error = ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY
(T9076) 06/08/18 13:39:53:816 Debug(1576): winhttpObj, got ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY, clean cert cache now
(T9076) 06/08/18 13:39:53:816 Debug(3610): winhttpobj, cert do not has private key???? clean lastIssuerName now, data = 0000000000000000

 

GP agent is version 4.0.5, I also checked the certficate is fine and exported with private key, I also reinstall agent and certificate, even install newer GP agent version 4.0.8, but cannot fix it.

 

Does anyone know how to fix it? or have any suggestion for troubleshooting?

 

Firewall is running PAN-OS 7.1.15 and GlobalProtect agent 4.0.5 now, I had already opened a case but TAC think it is the operation system problem. All the issue computers are running Windows 10, client certificate is a sha256 (RSA 2048) self-signed certificate.

 

Thanks a lot and Best Regardss,

Sample Wu

 

Who rated this post