This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Intune with IOS and Global Protect, utilizing certificate-based authentication troubles.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Intune with IOS and Global Protect, utilizing certificate-based authentication troubles.

Ben_Laney
L1 Bithead

‎11-03-2023 08:41 AM

We have been trying to migrate a client from Airwatch to Intune for MDM management. Part of this deployment was implementing certificate-based authentication for their Global Protect VPN client.  We have been successful with Windows, and Android. However, we have not been able to get MacOS, iPadOs, or IOS to work successfully. all the Error logs indicate that the Global Protect application does not know how to identify the certificate that is being deployed via Intune. We have validated that Root and Intermediate certificates are on the devices. I am all ears as to any help anyone can provide on this. 

0 Likes Likes
4 REPLIES 4

TorstenForster
L0 Member

‎04-21-2024 08:37 AM

Hi Ben,
I also work on the same setup with intune and ios.

It seems that we run into the same issue. 

Did you find a solution for that?

 

In the PANGPS log I found the errors:

"Couldn't find any matching identities. Trying to continue without client cert

Client cert error detail is Client cert usage check failed

error detail is Client cert usage check failed"

Any Idea? Is it a problem with the certificate store lookup?

 

kind regards 

Torsten

0 Likes Likes

Ben_Laney
L1 Bithead
In response to TorstenForster

‎04-23-2024 04:06 PM

We ended up scaping the project , and going back to Airwatch. if you ever figure it out, i would be interested to know how to get around those errors.

 

0 Likes Likes

TorstenForster
L0 Member
In response to Ben_Laney

‎04-25-2024 11:55 PM - edited ‎04-25-2024 11:56 PM

Yes, we found a solution right know. 

The Problem was that the intune vpn profile wasn't pushed to the device. My Collegues analyzed it and changed something. Now, everything is working fine with a split vpn setup. Certificate autheneticaten and user authentication is working fine.

Also the tag detection on the device.

The only problem we found is that intune doesn't remove the app again. Only installation is working fine

0 Likes Likes

Ben_Laney
L1 Bithead

‎04-26-2024 07:55 AM

If you could find out what your colleagues did to get it to work, you would be a life saver. 

 

0 Likes Likes
  • 516 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks