
ThreatPulse client in failed close state - Unable to connect to the Internet

Solutions ID:    KB4968
Version:    4.0
Status:    Published
Published date:    03/05/2012
Updated:    06/24/2013
 

Problem Description

The Blue Coat ThreatPulse client is installed on a workstation.
The workstation is unable to connect to the Internet.
The workstation is using version 1.4.12000.0 or lower of the ThreatPulse client.
The MSI was installed using the /quiet parameter.
Error:  Not Connected to ThreatPulse - Failure Mode (Closed)
Error:  HTTPS - Unknown
Error:  Tampering Detected
Error:  Server's certificate failed validation at depth: 1, CN = Entrust Certification Authority - L1C, error = unable to get local issuer certificate
Error:  Switching to DENY mode since certificate was invalid

Resolution

To resolve the issue, please install the Entrust CA (2048) root certificate onto the workstation.  You can manually download the certificate from Entrust's site, or you can download the latest Microsoft root certificate update from Microsoft's web site.  This document covers both ways of updating the client.

NOTE:  The workstation is effectively shut down and will be unable to reach the Internet.  You can download the necessary updates to a USB stick and install them onto the affected workstation from the USB drive.  If that is not possible, then please uninstall the client, install the Entrust CA (2048) certificate using one of the methods below, and reinstall the ThreatPulse client connector.

 

DOWNLOADING THE ENTRUST CA (2048) ROOT CERTIFICATE FROM ENTRUST.NET

Please do the following steps:

1.)  Go to http://www.entrust.net/developer/index.cfm
2.)  Click on the Download Root Certificates button
3.)  Select Personal Use and click on Download Certificates
4.)  Select Root Certificates
5.)  Select Entrust CA (2048)  (file download entrust_2048_ca.cer)
6.)  Double click on the downloaded root certificate and install it into the workstation's root certificate store.
7.)  If the client is still installed on the workstation, reboot the workstation.  Once the certificate is properly installed, then the errors will go away.  If a single reboot doesn't remedy the problem, you may want to try another reboot.

NOTE:  It has been observed on some workstations that have not been updated in a long time, or workstations that do not have any patches beyond Windows XP SP3, that even with the Entrust Root CA (2048) installed, the client will continue to return the L1C error as described in the problem description.  The workaround is to go to https://support.microsoft.com/kb/931125 and download and install the latest root certificate update patch.  Even on a workstation that has Windows XP SP3 and no patches beyond that, installing the root certificate update from KB931125 will be sufficient to get the client installed and working.  Blue Coat does not recommend that customers run computers that far out of date, as they can be exposed to security vulnerabilities in the operating system itself.

 

DOWNLOADING ROOT CERTIFICATES FROM MICROSOFT

For Windows XP users, approximately once per quarter Microsoft updates their root certificates.  Blue Coat recommends that the latest root certificate update be installed onto the workstation.  This is done through Windows Update and is under the "Optional" downloads section.  Microsoft KB931125 (http://support.microsoft.com/kb/931125) documents the process for the various Windows OSes.

 

TROUBLESHOOTING

Right click on the ThreatPulse client connector shield in the system tray and select Status > Advanced > Show File.  Search the log file for "Entrust Certification Authority" and see if the error is contained in the log file and matches the error in the problem description above.  If so, then download the Entrust CA (2048) certificate and install it on the workstation.

 

ADDITIONAL INFORMATION

The ThreatPulse client uses the Entrust CA (2048) root certificate.  This error occurs when the Entrust CA (2048) root certificate is not installed on the workstation.  When the client is installed in interactive mode, it detects whether the root certificate is installed.  If the Entrust CA (2048) root certificate is not installed, the client installation fails.  However, when the client is installed in non-interactive mode (/quiet switch used), the root certificate check is not executed and the client installs anyway.  Clients newer than 1.4.12000.0 check for the existence of the Entrust Root CA (2048) in both interactive and non-interactive mode.  If you experience a problem with the client not checking for the existence of the Entrust root certificate, please go to https://portal.threatpulse.com/ and download the latest version of the client and rerun your test.  If it continues to be an issue, then please contact Blue Coat Technical Support and open a service request.
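Because older clients skip the root certificate check under /quiet, a silent deployment can run the check itself before the MSI. The script below is an added example, not Blue Coat's code: it assumes PowerShell 2.0 or later run elevated, and the parameter names $CerPath and $ExpectedThumbprint are hypothetical (the thumbprint must be obtained from Entrust out of band, not read from the downloaded file).

```powershell
# Added example: pre-install gate for silent (/quiet) ThreatPulse deployments.
# Verifies the downloaded root certificate before trusting it, then makes sure
# it is present in the machine-wide Trusted Root store.
param(
    [Parameter(Mandatory = $true)][string]$CerPath,            # e.g. entrust_2048_ca.cer on the USB drive
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint  # SHA-1 thumbprint obtained out of band
)

$ErrorActionPreference = 'Stop'

# Normalise the expected thumbprint: drop spaces/colons, upper-case the hex.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Load the file and refuse to install anything that is not the expected certificate.
$file = (Resolve-Path $CerPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected. Not installing."
}

# A root certificate is self-signed, so subject and issuer must be identical.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Certificate '$($cert.Subject)' is not self-signed; it is not a root certificate."
}

# Open the LocalMachine Trusted Root store (the store the interactive installer checks
# is assumed to be this one) and add the certificate only if it is missing.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $present = $store.Certificates | Where-Object { $_.Thumbprint -eq $expected }
    if ($present) {
        Write-Output "Root already trusted: $($cert.Subject)"
    } else {
        $store.Add($cert)
        Write-Output "Installed root: $($cert.Subject)"
    }
} finally {
    $store.Close()
}
# Reaching this point means the root is in place; the /quiet MSI install can follow.
```

Any thrown error stops the script with a non-zero result, so a deployment wrapper can skip the MSI instead of leaving the workstation in the closed failure mode.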

 

