This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
flachance
MVP Silver
MVP Silver
‎2026-01-27 11:54 AM
Jump to solution

Negotiation with site failed

We're using Machine cert to authenticate. Client is 88.70.

I have one user that used to connect with no issues and now he is getting Negotiation with site failed.

His certificate looks fine so I'm not sure where it's failing.

What are the logs that we can check to possibly get more details on the failed negotiation? trac.log? Anything else?

 

thanks

0 Kudos
1 Solution

Accepted Solutions
flachance
MVP Silver
MVP Silver
4 weeks ago
Jump to solution

So the user was finally able to go onsite and connect to the network which apparently fixed the issue. Still not sure why it happened tough is certificate was valid and all. Anyway it works now.

View solution in original post

20 Replies
the_rock
MVP Diamond
MVP Diamond
‎2026-01-27 12:47 PM
Jump to solution

Check the logs by filtering for the blade itself.

Screenshot_1.png

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
israelfds95
MVP Gold
MVP Gold
‎2026-01-27 01:37 PM
Jump to solution

This user was working and then stopped. However, this raises some questions:

  1. Is this situation occurring only with this single user, or are others experiencing the same issue?

  2. If it is an isolated case, is the user’s internet connection working properly?

  3. Verify whether the user’s machine certificate has expired.

  4. Update the GPO if necessary, or renew the certificate.

  5. If this is a more global issue, it is also worth checking whether there was any problem with the ISP link.

  6. Collect the endpoint logs from the affected machine, gather the vpnd.elg logs, and review the authentication logs for this user shown in SmartConsole for understand what is happening with this authentication. 
    How to collect VPN logs from the Endpoint Security Client / Endpoint Security VPN
    https://support.checkpoint.com/results/sk/sk169258

  7. Open a TAC case and send the log collected if necessary. 

    Best regards
(1)
the_rock
MVP Diamond
MVP Diamond
‎2026-01-27 07:54 PM
In response to israelfds95
Jump to solution

All super valid points @israelfds95 

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
flachance
MVP Silver
MVP Silver
‎2026-01-28 05:28 AM
In response to israelfds95
Jump to solution

Great stuff thanks. 1-Issue is with one single user. 2-Internet connection working properly. 3-Machine cert is valid.

4- User works remotely full time, so no VPN = no GPO update or cert renewal. For the time being he's using Citrix. I could get him to come in but if possible I'd like to know what's going on in case it happens again to someone else. If the only solution is to come in and update the GPO and renew the cert that'll be it but I'd like to try and find another way if there is one.

5-not a global issue

6- That's where I am. There is a lot of logs when you collect them from the endpoint. Is there some that correspond more to the vpn negotiation?

0 Kudos
israelfds95
MVP Gold
MVP Gold
‎2026-01-28 05:59 AM
In response to flachance
Jump to solution

Ok, so it seems to be an isolated issue. The trac.log usually provides more information, but it’s also worth checking the other .log files. I don’t know all of them in detail, so it’s a good idea to try to reproduce the issue, collect the logs, and send them to TAC for analysis.

In SmartConsole, did you find any relevant logs about this user’s failed authentication attempt? If so, please let us know what they show.

Is the number of Office Mode IPs within limits? Sometimes it can reach the maximum.

When the user tries to authenticate, what error message is shown on the endpoint?

It would be helpful to schedule a new call with the user and collect evidence while they try to connect. Try to capture as many logs as possible at the moment of the error, check them in SmartConsole and in trac.log, and make sure that Enable logging – Extended is enabled when running it️

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-28 06:05 AM
In response to israelfds95
Jump to solution

Totally valid point. @flachance Any way you can have that user reinstall the VPN client, then create vpn site brand new and test? Have them install latest version, E89.10

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
flachance
MVP Silver
MVP Silver
‎2026-01-28 06:25 AM
In response to israelfds95
Jump to solution

No seeing anything that looks useful in smartconsole logs. But I just got a new element to the story. This started after the user installed an out of band windows update (Update for Windows (KB5077797)). Someone else also just did that and got the same issue. They uninstalled the update but the issue is still there.

One will connect at work and try a gpupdate. If it fails he'll try uninstall/reinstall.

I'll add updates after they tried

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-31 10:31 AM
In response to flachance
Jump to solution

K, fair enough...so, it sounds most likely was a windows update issue. Are they able to uninstall it, reboot and test?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-01 09:33 AM
Jump to solution

Hey @flachance 

I was actually able to replicate your issue in the lab with that windows update, had exact same problem.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
flachance
MVP Silver
MVP Silver
‎2026-02-02 06:32 AM
In response to the_rock
Jump to solution

Just as I was ruling out that windows update 😆. The second user who reported the issue actually had a different issue (trouble with his Internet connection). The first one tried to uninstall the update/reboot but still has the issue. I tried installing the update myself and everything works fine. Back to gathering logs...

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-02 06:39 AM
In response to flachance
Jump to solution

I dont really believe in life coincidences, but hey, this could have been one of those : - )

Anyway, if it did not happen for you, maybe different processor type? Just a guess...

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
flachance
MVP Silver
MVP Silver
‎2026-02-03 05:57 AM
In response to the_rock
Jump to solution

No we have the exact same laptop model. He did try to uninstall the Windows update and it didn't work. Where you able to make it work by uninstalling the Windows update?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-03 06:14 AM
In response to flachance
Jump to solution

Just uninstalled it from windows update options, from settings.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
flachance
MVP Silver
MVP Silver
‎2026-02-03 07:54 AM
In response to the_rock
Jump to solution

did the remote access vpn starts working again after you uninstalled the Windows update?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-03 08:32 AM
In response to flachance
Jump to solution

It did, yes.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-05 07:36 AM
Jump to solution

Hey mate,

Any luck with this? Did uninstalling the latest windows update work?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
flachance
MVP Silver
MVP Silver
‎2026-02-05 07:50 AM
In response to the_rock
Jump to solution

No uninstalling the Windows update didn't work. User will go to the office and connect on the network. We'll see if the problem remains after.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-05 07:52 AM
In response to flachance
Jump to solution

K, keep us posted.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
flachance
MVP Silver
MVP Silver
4 weeks ago
Jump to solution

So the user was finally able to go onsite and connect to the network which apparently fixed the issue. Still not sure why it happened tough is certificate was valid and all. Anyway it works now.

the_rock
MVP Diamond
MVP Diamond
4 weeks ago
In response to flachance
Jump to solution

Glad to hear!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events