Hello,
Some customers are having problems with Globalprotect not connecting after upgrading from Win10 to Win11 (22H2). TAC has suggested reinstalling the certificate and updating Windows, but so far nothing has worked. Several similar cases have occurred with different customers.
”ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY” is logged in both cases.
Are you experiencing similar problems? I wonder whether the problem is on the Windows side as the TAC says it is.
Its the private key access issue on win11. Apply all available updates, remove old certificate, import it once again.
Also try deleting the Gp cache on your machine or do a fresh install of the gp client on your machine
What version of GlobalProtect?
Are you using cert authentication for the client? The error reads to me that maybe the client can’t access the private key for the cert or the private key is missing or inaccessible after the OS upgrade.
If the private key for the cert is inaccessible there’s really nothing the client can do.
We had to upgrade the the latest version of GP in the 5 train to get this to work. Our HIPS check kept showing the windows firewall as na… instead of on and we require the windows firewall to be enabled in order to match the policy to allow from the vpn zone.
Windows 11 bug.
Resolved in:
2022-09 Cumulative Update for Windows 11 for x64-based Systems (KB5017328) Windows 11 Security Updates
Hi,
PAN-OS: 9.1.13 / GP: 5.2.11 and 6.0.4
PAN-OS:10.1.6 / GP:5.2.12 and 6.0.4-c26
The newest version of MAC is also not working Ventura 13.2