GlobalProtect iOS App fails authentication with Error "SecItemCopyMatching failed -25300 for query"
Created On 07/12/23 20:01 PM - Last Modified 05/10/24 21:00 PM


Symptom


  • The GlobalProtect App fails certificate-based authentication.
  • The error message "SecItemCopyMatching failed -25300 for query" is seen in PanGPS.log.
  • Error -25300 means "The specified item could not be found in the keychain."
  • This indicates that the GP app cannot find any client certificate in the part of the keychain it is allowed to access.
Error( 912): SecItemCopyMatching failed -25300 for query:
{ class = idnt; "m_Limit" = "m_LimitAll"; "r_PersistentRef" = 1; "r_Ref" = 1; }
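
A triage sketch for the log entry above, added here as an example and not Palo Alto Networks code: it extracts SecItemCopyMatching failures from PanGPS.log text and decodes the OSStatus and query keys into their Apple Security framework names. The function name, the result fields and the second sample entry are constructed for illustration.

```python
import re

# OSStatus values and attribute codes as defined by Apple's Security framework.
OSSTATUS = {-25300: "errSecItemNotFound",
            -25308: "errSecInteractionNotAllowed",
            -34018: "errSecMissingEntitlement"}
SEC_CLASS = {"idnt": "kSecClassIdentity", "cert": "kSecClassCertificate",
             "keys": "kSecClassKey"}
QUERY_KEYS = {"class": "kSecClass", "m_Limit": "kSecMatchLimit",
              "r_PersistentRef": "kSecReturnPersistentRef",
              "r_Ref": "kSecReturnRef"}

# The failure line is followed by the query dictionary, usually on the next line.
FAIL_RE = re.compile(r"SecItemCopyMatching failed (-?\d+) for query:\s*\{(.*?)\}", re.S)
PAIR_RE = re.compile(r'"?(\w+)"?\s*=\s*"?(\w+)"?\s*;')

def find_keychain_failures(log_text):
    """Return one decoded finding per SecItemCopyMatching failure (hypothetical helper)."""
    findings = []
    for match in FAIL_RE.finditer(log_text):
        status = int(match.group(1))
        query = {}
        for key, value in PAIR_RE.findall(match.group(2)):
            if key == "class":
                value = SEC_CLASS.get(value, value)
            elif value == "m_LimitAll":
                value = "kSecMatchLimitAll"
            query[QUERY_KEYS.get(key, key)] = value
        findings.append({
            "status": status,
            "name": OSSTATUS.get(status, "unknown"),
            "query": query,
            # The symptom in this article: an identity lookup that finds nothing.
            "no_client_identity": status == -25300
                                  and query.get("kSecClass") == "kSecClassIdentity",
        })
    return findings

# First entry is the one shown in this article; the second is constructed.
SAMPLE_LOG = '''Error( 912): SecItemCopyMatching failed -25300 for query:
{ class = idnt; "m_Limit" = "m_LimitAll"; "r_PersistentRef" = 1; "r_Ref" = 1; }
Error( 913): SecItemCopyMatching failed -25308 for query:
{ class = cert; "m_Limit" = "m_LimitAll"; "r_Ref" = 1; }
'''

if __name__ == "__main__":
    for finding in find_keychain_failures(SAMPLE_LOG):
        print(finding)
```

A finding with `no_client_identity` set means the app asked the keychain for every identity (certificate plus private key) it can access and received none, which is the condition the Cause section explains.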


Environment


  • GlobalProtect (GP) App version 5.0+
  • Mobile Device Management (MDM)
  • Microsoft Intune


Cause


  • Starting with version 5.0, the GP app has to use the new Apple VPN framework (the old VPN framework is prohibited by Apple).
  • The new VPN framework only allows a VPN app to access a client certificate that was installed with the VPN profile.
  • This information is available in the Knowledge article and Documentation.


Resolution


  1. Log in to Intune > Click on Devices > Click on iOS/iPadOS > Click "+Create Profile"
  2. Click on Create Profile > Profile Type: Templates > Template Name: [Desired-Name] > Create
  3. In Step 2, Configuration Settings, choose Connection Type: Custom VPN
    1. In the Key field, add: saml-use-default-browser
    2. Set Value: True

