Validation error: client-certificate 'globalprotect_app_log_cert' is not a valid reference during ADEM activation

Created On 11/10/21 05:16 AM - Last Modified 05/23/22 08:15 AM


Question


  • An admin activates ADEM on Prisma Access mobile users managed by Panorama using Enable ADEM in Panorama Managed Prisma Access.
  • Why does the local commit on Panorama fail with a validation error complaining that the client certificate selected in the GlobalProtect Portal is not a valid reference?


Environment


  • Panorama Managed Prisma Access
  • Active ADEM (Autonomous Digital Experience Management) license


Answer


This is due to corruption during certificate creation in step 1. Follow these steps to fix the issue.
  1. Remove the client certificate reference from the GlobalProtect Portal.
  2. Delete the globalprotect_app_log_cert from Device > Certificates (Mobile_Users_Template) (Shared location).
  3. Perform a local Panorama commit. (This needs to be a full commit, not a partial commit.)
  4. Follow the ADEM activation steps again and generate the certificate again.
  5. Perform a local Panorama commit before referencing the certificate in the portal configuration.
  6. Continue the configuration as per the document referenced above.

