Unable to Access GlobalProtect Due to Error (3659)
The following error appears when a user attempts to connect to the GlobalProtect portal:
(T4520) 03/30/12 11:20:27:326 Error(3659): Protocol error. Check server certificate. Failed to ssl connect to 'gp.server.certificate', Disconect ssl and returns false.
When the user is trying to access the GlobalProtect portal the connection is successful. However, when the user tries to connect to the gateway the connection terminates with the Error (3659). This error is found in the GlobalProtect logs on the client end, which can be found by accessing Troubleshooting, under Log select PanGP Service and for Debug Level select Error.
Once the user clicks on the Start button they will receive the following error:
Protocol error. Check server certificate. Failed to ssl connect to '<GlobalProtect_server:port> Disconnect ssl and returns false.
This error indicates there is a problem with the server certificate due to the following reasons:
- The server certificate is not valid. To resolve, go to Network > GlobalProtect > GlobalProtect > Gateways > General and select the gateway. Check which certificate is used by the server in the general settings.
- Check if the certificate is valid by going to Device > Certificate Management > Certificates > Device Certificates:
- The client is attempting to access an incorrect server certificate, make certain to specify the correct server certificate.
- There is a server certificate that became invalid or expired. When a new valid server certificate was created and called, the client still used the original invalid server certificate. Reinstall the GlobalProtect client by accessing the GlobalProtect portal so the client pulls the latest certificate.