Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2844: Cloud Proxy unable to establish connection. Error: Certificate cannot not be verified

Centrify Identity Service, App Edition ,  

12 April,16 at 11:07 AM

Applies to: DirectControl for Mobile

 

Problem:


The user reports that the Centrify Cloud Proxy host is unable to establish a connection to cloud services. 


Upon viewing the "Status of the Cloud Proxy Server Configuration utility", the Last Connection Result shows 'Failed'. 


Logging into the Centrify Cloud Manager and it is found that the ability to manage or enroll devices is unavailable. Attempts to run the ConnectionTestGui.exe application reports the following error:

 

Certificate test:

Requesting certificate from Centrify cloud...
Certificate 1
Certificate verified
Certificate 2
Certificate verified

Requesting certificate from service bus...
Certificate 1
Certificate verified
Certificate 2
Certificate cannot not be verified
--------------------------------------------------​------------------------------
Certificate information
Certificate subject: CN=accesscontrol.windows.net
Certificate verified: False
Certificate issuer name: CN=MSIT Machine Auth CA 2, DC=redmond, DC=corp, DC=microsoft, DC=com
Chain Information
Chain revocation flag: EntireChain
Chain revocation mode: Online
Chain error status
--------------------
PartialChain A certificate chain could not be built to a trusted root authority.

RevocationStatusUnknown The revocation function was unable to check revocation for the certificate.

OfflineRevocation The revocation function was unable to check revocation because the revocation server was offline.

--------------------
Chain Element Information
Number of chain elements: 3
----------------------------------------
Element certificate name : CN=accesscontrol.windows.net
Element certificate verified : False
Chain elements error status
RevocationStatusUnknown
The revocation function was unable to check revocation for the certificate.

OfflineRevocation
The revocation function was unable to check revocation because the revocation server was offline.

----------------------------------------
Element certificate name : CN=MSIT Machine Auth CA 2, DC=redmond, DC=corp, DC=microsoft, DC=com
Element certificate verified : False
Chain elements error status
RevocationStatusUnknown
The revocation function was unable to check revocation for the certificate.

OfflineRevocation
The revocation function was unable to check revocation because the revocation server was offline.

----------------------------------------
Element certificate name : CN=Microsoft Internet Authority
Element certificate verified : False
Chain elements error status
RevocationStatusUnknown
The revocation function was unable to check revocation for the certificate.

OfflineRevocation
The revocation function was unable to check revocation because the revocation server was offline.

 

Cause:


This error is displayed if the proxy host does not contain the required Centrify certificates listed in the the local Trusted Root Certification Authorities console.

 

Check in the Trusted Root Certification Authorities console to verify the currently installed certificates by performing the following steps:


1. Run the command 'mmc' from the Windows Start menu 'Run' selection.


2. Once the mmc console is open, choose 'Add / Remove Snap-in' from the File menu


3. Select 'Certificates' from the list of available snap-ins and choose 'Add'


4. When prompted to select a snap-in, choose 'Computer account' > Next > Finish. Close the Add / Remove Snap-Ins window


5. In the console tree, open Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates

 

Solution:


Restore the missing certificates by performing a repair install of the Centrify Cloud Manager Suite on the current proxy host. 


Start the installation process by launching the Centrify Cloud Proxy Server Installer that is available for download at:


  http://www.centrify.com/cloud/download.asp#cloud-proxy


After starting the install wizard, choose 'Repair' from the list of available options and allow setup to complete.

 

The Cloud Management Suite can also be uninstalled from the proxy host first and then perform a normal installation to restore all required certificates

 

The certificates can also be manually imported into the Trusted Root Certification Authorities. 

These certificates are not available for direct download but can be provided by submitting a request to Centrify Technical Support

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.