I have more and more cases (let's say, 5-10 per day) in my organization (100k+ PCs) where people suddenly can't connect to the VPN, and the reason is that the private key of their certificate no longer exists. What's interesting is that when you open the "Manage user certificates" plugin, it shows the padlock icon, but the VPN software can't use the certificate. Running "certutil repair" against the certificate also results in failure, and the only way to help them is to get a new certificate.
I have been trying to find a reason for that for the past 2 months, and I really don't know what's going on or how to troubleshoot this further. I have been looking through the Windows Event Log, but I can't find anything that would seem relevant to the certificate store. It's like one day they're working fine, and the next day they suddenly can't connect. The only legitimate reason for private key corruption that I know of is forcibly changing the user's password, but this is not what's happening here.
How can I approach troubleshooting what happened?
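An added example, not from the original post: the symptom described above (padlock shown in certmgr.msc, but the key cannot be used) can be checked from PowerShell, because `HasPrivateKey` only reports that the certificate carries a key-provider reference, while actually opening and using the key is what fails once the key file is gone. It assumes the VPN certificate lives in `Cert:\CurrentUser\My` with an RSA key, and `$LogPath` is an arbitrary constructed location.

```powershell
# Added example (not from the original post): audit the current user's personal
# certificates and flag those whose private key is referenced but can no longer
# be opened. Assumes RSA keys in Cert:\CurrentUser\My; $LogPath is constructed.
$LogPath = Join-Path $env:TEMP 'cert-key-audit.csv'

$results = foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
    $status = 'NoPrivateKeyReference'   # certificate never had a key linked to it
    $detail = ''
    if ($cert.HasPrivateKey) {
        # HasPrivateKey == the "padlock": a key-provider reference is attached.
        # Opening and using the key is what fails when the key file is missing.
        try {
            $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if ($null -ne $key) {
                # Force a real use of the key; this throws if the container is unusable.
                $null = $key.SignData([byte[]](1, 2, 3),
                    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
                    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
                $status = 'KeyUsable'
            } else {
                $status = 'KeyNotRsaOrUnavailable'
            }
        } catch {
            # Typical message when the key file has disappeared: "Keyset does not exist"
            $status = 'KeyReferencedButBroken'
            $detail = $_.Exception.Message
        }
    }
    [PSCustomObject]@{
        Timestamp  = (Get-Date).ToString('s')
        User       = $env:USERNAME
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Status     = $status
        Detail     = $detail
    }
}

$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Where-Object Status -eq 'KeyReferencedButBroken' |
    Format-Table Subject, Thumbprint, Detail -AutoSize
```

Run it in the affected user's context (for example as a daily scheduled task) so the log shows on which day a previously `KeyUsable` certificate turned `KeyReferencedButBroken`, which narrows the Event Log window to search.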