Forum Discussion
GSA client exclamation mark, Forwarding policy dosen't exist in registry
Good day,
Have difficult time getting Entra Private Access working.
Entra portal
---------------
GSA > Dashboard > Device Status says : 0 have the Global Secure Access Client installed: 0.0%
The client pc is entra joined and is compliant, the client user has Entra ID Suite Trail license assigned.
Traffic forwarding > Private access is enabled, have Quick Access application configured for SMB access. User and group assigments is set to a group where the user resides.
Microsoft traffic profile and Internet access profile = disabled (as for now i just want to make the Private acces profile working)
Enterprise applications = 1 active
Connectors are online with status active.
Client PC
------
Event log of client pc says the understated:
Error occurred while requesting a new forwarding profile: The SSL connection could not be established, see inner exception.. Request Parameters: Microsoft Entra Device ID: 61ma02-9453-1277-98gz-hkdhksa3d0, Correlation vector: kdfhkshfkashdJ.0, APS URL: https://aps.globalsecureaccess.microsoft.com/api/v3/AgentSettings?os=Windows%2010&clientVersion=2.8.45.0. The client will continue working with the existing forwarding profile.
GSA Advanced diagnostics:
Username : empty
Tenant ID : empty
Forwarding profile ID: empty
Client version 2.8.45.0
Health check = is green till Policy server is reachable, after that exclamation mark.
https://aps.globalsecureaccess.microsoft.com/api/v3/AgentSettings?os=Windows%2010&clientVersion=2.8.45.0
if i try the above url in the browser then i get invalid request, this means that the client is able to reach the server, which means network or DNS issues are unlikely and the The SSL handshake is successful, and the certificate is valid.
Need guidance as to understand why the client is not able to retreive profiles, i am using windows 11. Tried with disabling firewall too.
Thanks!
also https://aps.globalsecureaccess.microsoft.com/api/v3/AgentSettings?os=Windows%2010&clientVersion=2.8.45.0 issue ? CJHarms, in a way good to know you are also having same issue.
I have made a ticket with Microsoft last week, still no reply. Hopefully someone will help me through. May be we are hitting a BUG.
Exact same Problem for me. No idea how to fix it.
Hello Harms,
We had added some values to the Cipher Suite to make our certificate based WIFI working and that seems to be issue why the GSA client was not connecting. I am still not sure which line is causing the issue but may be my understated steps will help you in someway.
I installed a new windows machine and copied the values and pasted it to my machine (take care of the white spaces, otherwise even after restarting it will not work). I used delete space funtion in excel and pasted the values.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003Regards, Shaju
Hello CJHarms,
also the same error about The SSL connection could not be established, https://aps.globalsecureaccess.microsoft.com/api/v3/AgentSettings?os=Windows%2010&clientVersion=2.8.45.0 in the event viewer ? I dont have an older client to test with, may be we are hitting a BUG. I have created a ticket with Microsoft last week, still no reply. Hopefully i would get hold of someone who can get me through to a solution. Thanks!
Regards, Sdevassy
In a way to know that you have the same issue, may be we are hitting a BUG (likely).
i have made a ticket with Microsoft last week, no update yet. Hopefully a engineer will get back to me to help me through.
