Support Center > Search Results > SecureKnowledge Details
Identity Collector fails to connect to a Security Gateway due to MultiPortal certificate Technical Level
Symptoms
  • "Identity collector cannot connect to Security Gateway - refer to sk113021" is shown when using the "Test" button.

  • Kernel Debug as per sk105723 does not show the same symptoms.

  • Identity Collector service debugs (sk122686) in ia_ag.log shows the following error:
    [WinHttpCCC (NAC::IS::TD::Surprise)] UTILS::WinHttpCCC::asyncCallbackMethod: STATUS_REQUEST_ERROR: error 12175 (async API 5) on request (id 1 - 69728f8)

  • A traffic capture shows that the Server Certificate that the Security Gateway presents to the Identity Collector is already expired based on its validity range and the IDC closes the connection shortly after.

Cause

Bad / Expired certificate on the Security Gateway on one of the MultiPortal services.

To help pin-point the certificate, it can be identified based on a packet capture when the Security Gateway presents its certificate to the Identity Collector.

In the following example the certificate is expired (captured on Oct. 17 2020) and was found to be on the Captive Portal:


Solution
Note: To view this solution you need to Sign In .