You receive the message below when trying to elevate an application via a Least Privilege Manager SbPAM policy.
“There was an error while signing in. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS Secure Channel.”
OR
“The communication with the NPS server requires trusted communication. Enable certificate bypass in NPS Global Settings to override.”
CAUSE:
There are no SSL Certificates set up for use in the SbPAM / NPS server, and Signing is currently enabled on the endpoints.
RESOLUTION:
For CSE versions BEFORE 23.7.3583…
Enable the PolicyPak ADMX Template setting below to BYPASS SSL Certificate verification on the endpoints.
Admin Templates > PolicyPak ADMX Settings > Client-Side Extensions > Least Privilege Manager > Bypass SbPAM server SSL certificate verification: ENABLED
For CSE versions AFTER 23.7.3583…
The PolicyPak ADMX Template setting to BYPASS SSL Certificate verification on the endpoints has been REMOVED from the PolicyPak ADMX Troubleshooting files.
INSTEAD, you will need to use the latest MMC snap-in; either from your NPS download or via the PolicyPak download.
Then in the Least Privilege Manager node, in the Global Netwrix Privilege Secure Settings, select YES to Enable Certificate bypass like what’s seen here.
Note: PolicyPak Cloud does not currently have this setting available in the in-cloud editor but you can use the MMC method above or you can update the registry key at the location shown in the screenshot below to Enable certificate bypass. This setting will be added to the in-cloud editor in a later release for PolicyPak Cloud.
