Remote VPN certificate based authentication issue.
We have configured certificate-based authentication, but we are getting a message on the VPN client: "User Account Expired 31 Dec 2020"
When the user connects from the client to the VPN, it shows the user certificate, but when he connects, it gives the above error message.
We have already added the Root CA in Trusted CA and the issuing CA in Subordinate CA.
Generated a CSR and got the certificate from the internal CA.
Selected Personal Certificate in Authentication in the VPN client as well as in Mobile Access.
In Mobile Access, Portal setting added another internal CA certification.
Is this field set properly for the user account in question?
Actually, the user we are trying to connect is on AD, not local. We have other users whose accounts expired on 31 Dec 2020, which are local on Check Point.
Below is the Message in Traffic logs
Main Mode Sent Notification to Peer: Client Encrypt Notification: User account expired on 31-Dec-2020.
User account expired on 31-Dec-2020. ---This data is picked up from the checkpoint only in the backend but not sure from where?
It might be in the generic* user that you need to change the expiration on.
The only way to find this user (if it's indeed defined in your environment) is via SmartDashboard (not SmartConsole).
Otherwise, I suggest contacting TAC.
Thanks. After changing the expiration on the generic* user, the message has gone, but we are now getting another message on the Endpoint Security client: "Main Mode Sent Notification to Peer: Client Encrypt Notification: Access denied - wrong user name or password"
Even if you are using AD for authentication, some settings are inherited from default password templates. Check the following:
LDAP Account Unit -> double click on correct AU -> Authentication -> Section "Users' default values". If the "use user template" checkbox is ticked, then see which user template is used.
Search for this user template in "User Templates" within object explorer. Open the affected template and right in the General tab you can see the Expiration of this template (which is valid for all users, not just locally configured).
If inside the user template you have "According to Global Properties", head to Global Properties -> User Accounts and there you should see Expiration.
Jozko Mrkvicka
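
A triage sketch for the situation in this thread, added here as an example and not taken from any poster's reply or from Check Point tooling: it groups "User account expired on ..." notifications by date, because one past date shared by several accounts points at an inherited setting rather than a per-user one. The log layout (`user="..."`), the sample lines and the user names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date

# Notification text as quoted in the thread; only the date varies.
EXPIRED = re.compile(r"User account expired on (\d{1,2})-([A-Za-z]{3})-(\d{4})")
# Assumption: the exported log line names the user as user="...".
USER = re.compile(r'user="([^"]+)"')
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

NOTE = "Main Mode Sent Notification to Peer: Client Encrypt Notification: "
# Constructed sample export (hypothetical layout, invented user names).
SAMPLE = [
    'user="alice" msg="' + NOTE + 'User account expired on 31-Dec-2020."',
    'user="bob" msg="' + NOTE + 'User account expired on 31-Dec-2020."',
    'user="alice" msg="' + NOTE + 'User account expired on 31-Dec-2020."',
    'user="carol" msg="' + NOTE + 'User account expired on 15-Mar-2021."',
    'user="alice" msg="' + NOTE + 'Access denied - wrong user name or password"',
    'user="dave" msg="' + NOTE + 'User account expired on 31-Foo-2020."',
]


def shared_expirations(lines, today, min_users=2):
    """Map each past expiry date to the users rejected with it.

    Only dates seen for at least min_users distinct users are returned:
    one identical date across several accounts suggests an inherited value
    (user template, generic* user, Global Properties), not a per-user one.
    """
    by_date = defaultdict(set)
    for line in lines:
        hit = EXPIRED.search(line)
        if not hit or hit.group(2).title() not in MONTHS:
            continue  # other notification, or a month we cannot parse
        try:
            expiry = date(int(hit.group(3)), MONTHS[hit.group(2).title()],
                          int(hit.group(1)))
        except ValueError:
            continue  # impossible calendar date such as 31-Feb
        user = USER.search(line)
        if expiry < today:
            by_date[expiry].add(user.group(1) if user else "<unknown>")
    return {d: sorted(u) for d, u in by_date.items() if len(u) >= min_users}


if __name__ == "__main__":
    for expiry, users in shared_expirations(SAMPLE, date(2021, 4, 1)).items():
        print(expiry.isoformat(), "->", ", ".join(users))
```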
