Hello all,

I have a (working) GlobalProtect Portal+Gateway environment. I am now trying to set up a gateway in a second datacenter. I have set up the same GP-cert and Client-Cert, cert_Profile and GP Gateway settings. The gateway works when setting a portal on the second datacenter machine and logging on through it, but not when using the original portal. I see in the client logs it is trying to connect, and then gives me this error:

(T5312) 10/11/13 15:11:40:830 Debug(2597): winhttpObj, HandleHttpsRequest, url = /
(T5312) 10/11/13 15:11:40:830 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_HANDLE_CREATED, this=0000000002D2C320)
(T5312) 10/11/13 15:11:40:830 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_HANDLE_CREATED, this=0000000002D2C320)
(T5312) 10/11/13 15:11:40:830 Info (2705): winhttpObj->SendRequest, first try
(T5312) 10/11/13 15:11:40:830 Info (1134): winhttpObj, SendRequest, bIngoreClientCert=0
(T5312) 10/11/13 15:11:40:831 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_RESOLVING_NAME, this=0000000002D2C320)
(T5312) 10/11/13 15:11:40:831 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_NAME_RESOLVED, this=0000000002D2C320)
(T5312) 10/11/13 15:11:40:831 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_CONNECTING_TO_SERVER, this=0000000002D2C320)
(T5312) 10/11/13 15:11:40:831 Debug(2984): send alive message now 3
(T2936) 10/11/13 15:11:40:886 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_CONNECTED_TO_SERVER, this=0000000002D2C320)
(T6300) 10/11/13 15:11:40:892 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, this=0000000002D2C320)
(T6300) 10/11/13 15:11:40:892 Debug(1981): WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, error=12044, result=5
(T5312) 10/11/13 15:11:40:893 Info (1170): winhttpObj, get WINHTTP_CALLBACK_STATUS_REQUEST_ERROR
(T5312) 10/11/13 15:11:40:893 Error(1199): error = ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED
(T5312) 10/11/13 15:11:40:893 Info (1225): winhttpObj, set client cert name <bla bla>, remote.<domain>.com
(T5312) 10/11/13 15:11:40:893 Info (1229): winhttpObj, reuse cert 000000000690D9E0
(T5312) 10/11/13 15:11:40:894 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_RESOLVING_NAME, this=0000000002D2C320)
(T5312) 10/11/13 15:11:40:894 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_NAME_RESOLVED, this=0000000002D2C320)
(T5312) 10/11/13 15:11:40:894 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_CONNECTING_TO_SERVER, this=0000000002D2C320)
(T6300) 10/11/13 15:11:40:899 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_CONNECTED_TO_SERVER, this=0000000002D2C320)
(T6300) 10/11/13 15:11:40:963 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, this=0000000002D2C320)
(T6300) 10/11/13 15:11:40:963 Info (1927): winhttpObj, dwCertError is:
(T6300) 10/11/13 15:11:40:963 Info (1932): WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID
(T6300) 10/11/13 15:11:40:963 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, this=0000000002D2C320)
(T6300) 10/11/13 15:11:40:963 Debug(1981): WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, error=12175, result=5
(T5312) 10/11/13 15:11:40:964 Info (1170): winhttpObj, get WINHTTP_CALLBACK_STATUS_REQUEST_ERROR
(T5312) 10/11/13 15:11:40:964 Info (1172): winhttpObj, ERROR_WINHTTP_SECURE_FAILURE set
(T5312) 10/11/13 15:11:40:964 Error(1199): error = ERROR_WINHTTP_SECURE_FAILURE
(T5312) 10/11/13 15:11:40:964 Debug( 768): Server <IP address 2nd gateway> cert chain has been created.
(T5312) 10/11/13 15:11:40:964 Debug( 782): Server <IP address 2nd gateway> cert verification passed
(T5312) 10/11/13 15:11:40:964 Debug( 806): Check server certificate revocation returns TRUE
(T5312) 10/11/13 15:11:40:964 Debug( 895): The length of the serialized string is 986.
(T5312) 10/11/13 15:11:40:964 Debug( 912): The encoded element has been serialized.
(T5312) 10/11/13 15:11:40:968 Debug( 335): Active session id is 1
(T5312) 10/11/13 15:11:40:979 Debug( 103): Found PanGPA pid 3224
(T5312) 10/11/13 15:11:40:979 Debug( 107): Found active PanGPA pid is 3224
(T5312) 10/11/13 15:11:40:980 Debug( 63): pan_get_full_path(): full path in multibyte char is C:\Users\stephan.van.der.plas\ServerCert.pan
(T5312) 10/11/13 15:11:40:981 Debug( 923): SerializeServerCert(): wrote 986 of 986 bytes to file C:\Users\stephan.van.der.plas\ServerCert.pan.
(T5312) 10/11/13 15:11:40:981 Info (1914): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_HANDLE_CLOSING, this=0000000002D2C320)
(T5312) 10/11/13 15:11:40:983 Info ( 516): wait for closing callback success!
(T3520) 10/11/13 15:11:41:421 Debug(1869): enum result is 0000000000000000
(T3520) 10/11/13 15:11:41:421 Debug(1895): gbCheckInsertSmardCard is false, quit the enum loop
(T960) 10/11/13 15:11:41:437 Debug(1869): enum result is 0000000000000000
(T960) 10/11/13 15:11:41:437 Debug(1895): gbCheckInsertSmardCard is false, quit the enum loop

What can I do to make this work via the existing portal?

Regards,
Stephan van der Plas
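An added example, not part of the original post: a small triage script that pulls the TLS failure records out of a client log in the format shown above, pairing each `error = ERROR_WINHTTP_*` record with the numeric WinHTTP code and any certificate flags logged before it. The function names and the `SAMPLE` excerpt (six lines copied from the log above) are choices made for this example.

```python
import re

# Record shape as seen in the post: (T<thread>) MM/DD/YY HH:MM:SS:mmm Level(<src line>): message
LINE_RE = re.compile(
    r"\(T(?P<tid>\d+)\)\s+(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d:\d{3})\s+"
    r"(?P<level>Debug|Info|Error)\s*\(\s*(?P<src>\d+)\):\s*(?P<msg>.*)"
)
CERT_FLAG_RE = re.compile(r"WINHTTP_CALLBACK_STATUS_FLAG_\w+")
ERROR_RE = re.compile(r"error = (ERROR_WINHTTP_\w+)")
CODE_RE = re.compile(r"error=(\d+), result=(\d+)")

# Excerpt of the log in the post above, used as offline sample input.
SAMPLE = r"""
(T6300) 10/11/13 15:11:40:892 Debug(1981): WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, error=12044, result=5
(T5312) 10/11/13 15:11:40:893 Error(1199): error = ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED
(T6300) 10/11/13 15:11:40:963 Info (1932): WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID
(T6300) 10/11/13 15:11:40:963 Debug(1981): WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, error=12175, result=5
(T5312) 10/11/13 15:11:40:964 Error(1199): error = ERROR_WINHTTP_SECURE_FAILURE
(T5312) 10/11/13 15:11:40:964 Debug( 782): Server <IP address 2nd gateway> cert verification passed
"""

def parse(text):
    """Yield one dict per log record; lines that do not match the shape are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def tls_failures(text):
    """One finding per Error-level 'error = ERROR_WINHTTP_*' record, carrying the
    numeric code and certificate flags logged since the previous finding."""
    findings, flags, code = [], [], None
    for rec in parse(text):
        msg = rec["msg"]
        # WinHTTP raises CERT_CN_INVALID when the server certificate's name does
        # not match the host name the client connected to.
        flags += CERT_FLAG_RE.findall(msg)
        if (c := CODE_RE.search(msg)):
            code = int(c.group(1))
        if rec["level"] == "Error" and (e := ERROR_RE.search(msg)):
            findings.append({"ts": rec["ts"], "error": e.group(1),
                             "code": code, "cert_flags": flags})
            flags, code = [], None
    return findings

if __name__ == "__main__":
    for f in tls_failures(SAMPLE):
        print(f["ts"], f["code"], f["error"], ",".join(f["cert_flags"]) or "-")
```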