USG 60 / SecuExtender SSL 4.0.3.0 : no matching certificate on some clients with Win10 rel 20H2

JeanValjean
JeanValjean Posts: 5  Freshman Member
First Comment Fourth Anniversary
edited April 2021 in Security
Hello,
I'm having an issue here.
Zywall USG 60 updated to latest 4.60 patch 1.
Used in SSL VPN configuration, with SecuExtender SSL v4.0.3.0

This USG 60 has been in service for some years now, with no issues.

I was noticed very recently of an issue preventing establishment of a SSL VPN connexion, on some clients computers.

Here's the case of two of them that fail connecting :
Laptop 1 : brand new, reformated upon arrival with Windows 10 Pro rel. 20H2
Laptop 2 : 4 years old. Windows 10 Pro OS has recently upgraded to rel. 20H2

Those two laptop can't connect anymore. When clicking connect, this windows certificate bank popups :
Roughly translated in english : "No certificate available. No certificate matches the program requirements. Click OK to continue".

When clicking OK, the connexion process stops, going back to the parameters window, standby, red icon in systray.

A root certificate with a private key is present in trusted root certification authorities on the two computers :

On a third computer I'm currently using, OS Win10 Pro 20H2, on whitch the SSL connexion still works, I have 2 similar SecuExtender certificates, that seems identical except for the serial.

Tried uninstalling and reinstalling SecuExtender SSL v4.0.3.0, rebooting, retrying, to no avail. Tried the same from a local administrator account : same issue.

Is the issue coming from an inadequate or solo SecuExtender certificate, or is this a issue rising from changes in security API since 20H2 release ?

Thanks, the issue is quite severe here, a bunch of users being kept unable to remotely work.


Comments

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,266  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @JeanValjean

    There two points we need to clarify:

    (1).When this symptom appears, please enter MS services.msc and check if ZyWALL SecuExtender Helper service is running or can manually re-execute.

    (2).If symptom still appear please provide your C:\SecuExtenderHelper.log file to me via private message for further investigation.

    Thanks.



    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)