https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264337#M1436 <P>Hi Team,</P><P>&nbsp;</P><P>I am using 3600 and 9300 firewall for my customer. I have configured Remote access vpn with enrolment key certificate.</P><P>For 3600 firewall it is working fine but for 9300 series firewall it is not working. When I connect through vpn client it shows enrolment failed. Does anybody know why it is not connecting to 9300 series firewall. The configuration is same. Should I have to do any other steps on 9300 series firewall.</P><P>Also username + password for RAVPN is working fine but not working for Certifcate+username password.</P><P>&nbsp;</P><P>Version- R81.20 JHF 118</P><P>TAC also haven't find the solution yet. It's pending from 20 days.</P><P>Please help me to resolve the issue.</P> Thu, 04 Dec 2025 05:54:24 GMT Mohit136971 2025-12-04T05:54:24Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264337#M1436 <P>Hi Team,</P><P>&nbsp;</P><P>I am using 3600 and 9300 firewall for my customer. I have configured Remote access vpn with enrolment key certificate.</P><P>For 3600 firewall it is working fine but for 9300 series firewall it is not working. When I connect through vpn client it shows enrolment failed. Does anybody know why it is not connecting to 9300 series firewall. The configuration is same. Should I have to do any other steps on 9300 series firewall.</P><P>Also username + password for RAVPN is working fine but not working for Certifcate+username password.</P><P>&nbsp;</P><P>Version- R81.20 JHF 118</P><P>TAC also haven't find the solution yet. It's pending from 20 days.</P><P>Please help me to resolve the issue.</P> Thu, 04 Dec 2025 05:54:24 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264337#M1436 Mohit136971 2025-12-04T05:54:24Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264365#M1439 <P>Any other relevant messages except enrollment failed?</P> Thu, 04 Dec 2025 14:58:36 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264365#M1439 the_rock 2025-12-04T14:58:36Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264367#M1440 <P>If this is related to machine certificate issue, please see what TAC sent to one of our clients last yer and this actually did work.</P> <P>*****************</P> <P><SPAN>- Policy had not been installed on the gateways since March 15. Sessions had been published, but not pushed to the gateways. Much of the configuration has taken place since then.</SPAN><BR /><SPAN>- Post installation, we needed to perform sk116997 as the CSP used for the machine certificate did not allow the use of SHA256 hashing for authentication.</SPAN><BR /><SPAN>- While we were trying to correct the machine certificate CSP, users were unable to connect to the remote access VPN as they did not belong to the remote access community. Performed sk91844 to change "fetch_type" to "fetch_options", and disabled "ldap_fetch" to prevent LDAP lookup of group memberships, as we wanted users to match the generic* profile and not LDAP.</SPAN><BR /><BR /><SPAN>Following the successful installation of policy, and the changes detailed in sk116997 and sk91844, we saw machine certificate authentication was being performed during login.</SPAN></P> <P><SPAN>*********************************</SPAN></P> Thu, 04 Dec 2025 15:05:31 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264367#M1440 the_rock 2025-12-04T15:05:31Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264470#M1441 <P>Hi,</P><P>&nbsp;</P><P>I have done the steps under this SK(<SPAN>sk91844) but I didn;t understand the second SK. And there is no solution provided on SK and Microsoft site as well.</SPAN></P> Fri, 05 Dec 2025 04:59:29 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264470#M1441 Mohit136971 2025-12-05T04:59:29Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264471#M1442 <P>No other error</P> Fri, 05 Dec 2025 04:59:49 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-access-vpn-with-enrolment-key-certificate-not-working/m-p/264471#M1442 Mohit136971 2025-12-05T04:59:49Z