Problem: When attempting to log in with a user that requires MFA the following error is presented:
SSL Connection Error
Cause:This error is due to a certificate problem. A required certificate may be missing or unable to be read.
Note:
Please ensure the Centrify Direct Control agent is 5.3.1-402 or greater.
Resolution:Please run the following to check for errors:
/usr/share/centrifydc/bin/adcdiag
Open the log created by this utilitiy and check for the following error message:
Trying SPNEGO (GSSAPI/Kerberos) negotiation failed.
Solution/Troubleshooting Steps:
1. Check if Cloud connector certificate was properly uploaded to the machine:
Download the IWA root CA certificate:
Setting->Network->Cloud Connectors->Cloud Connector configuration->IWA Service" page on cloud admin portal
Apply to GP:
Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities.
Run:
adgpupdate
Check:
/var/centrify/net/certs if the certificates have been added.
2. Check if "Enable Web Server" is set and HTTPS is enabled for this connector
3. Check if "Allow IWA connections" is set under "Policy->Default Policy->User Security Policies->Login Authentication".