The Auth Connector connection status is green, but all users are showing up as unauthenticated.
The ThreatPulse (cloud) Auth Connector connection status is green (good) and shows as connected in the Portal, but all users are displayed as "Unauthenticated".
On the Windows server running the Auth Connector, the following SSL error (triggered by the Auth Connector) was seen in the Windows application event log:
"The certificate chain was issued by an authority that is not trusted."
Running this command:
netstat -an | find "443"
showed multiple connections to Cloud SWG pod IP addresses such as 148.64.15.xxx:443 (a Dublin pod IP address) in the TIME_WAIT state.
NOTE: This IP address is one of the portal IP addresses, similar to those described in 000014870.
With debug logging enabled for the BCCA Auth Connector agent, the BCCA debug log showed that the connection to auth.threatpulse.com succeeded, but the connection to the cloud service (an IP address similar to the 148.64.15.xxx Dublin example above) failed with the certificate error above.
To resolve the issue, enter the IP address from the SSL error in a web browser on the Windows server that is running the Auth Connector.
View the full certificate chain and save the intermediate CA certificate to a local file.
Launch Start->Run "mmc" and add the Certificates snap-in for the local computer account.
Import the intermediate CA certificate into the Intermediate CA store, and restart the BCCA agent.
At this point, all users get authenticated.
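The import and restart steps above can also be run from an elevated PowerShell prompt. The script below is an added example, not part of the original article or of any vendor tooling: before importing, it checks that the saved file is a non-self-signed CA certificate that chains to a root the server already trusts. $CertPath and $ServiceName are assumed inputs (the saved certificate file and the Windows service name of the BCCA agent); the article gives neither value.

```powershell
# Added example: verify a saved intermediate CA certificate, import it, restart the agent.
using namespace System.Security.Cryptography.X509Certificates
param(
    [Parameter(Mandatory)][string]$CertPath,     # assumption: file saved from the browser
    [Parameter(Mandatory)][string]$ServiceName   # assumption: BCCA agent service (see Get-Service)
)
$ErrorActionPreference = 'Stop'

$file = (Resolve-Path -LiteralPath $CertPath).ProviderPath
$cert = [X509Certificate2]::new($file)
'Subject    : {0}' -f $cert.Subject
'Issuer     : {0}' -f $cert.Issuer
'Thumbprint : {0}' -f $cert.Thumbprint
'Valid until: {0:u}' -f $cert.NotAfter

# An intermediate CA certificate is a CA certificate that is not self-signed.
$bc = $cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) {
    throw 'Not a CA certificate; refusing to import.'
}
if ($cert.Subject -eq $cert.Issuer) {
    throw 'Self-signed (root) certificate; it does not belong in the Intermediate CA store.'
}

# Build the chain in the machine context: it must end at a root that is already trusted.
$chain = [X509Chain]::new($true)
if (-not $chain.Build($cert)) {
    foreach ($s in $chain.ChainStatus) {
        Write-Warning ('{0}: {1}' -f $s.Status, $s.StatusInformation.Trim())
    }
    throw 'Certificate does not chain to a trusted root on this server; refusing to import.'
}
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
'Chains to  : {0}' -f $root.Subject

# Cert:\LocalMachine\CA is the local computer "Intermediate Certification Authorities" store.
$store = 'Cert:\LocalMachine\CA'
if (Get-ChildItem $store | Where-Object Thumbprint -eq $cert.Thumbprint) {
    'Certificate is already in the Intermediate CA store; nothing imported.'
} else {
    Import-Certificate -FilePath $file -CertStoreLocation $store | Out-Null
    'Imported into {0}' -f $store
}

# Restart the agent so it re-validates the cloud service certificate chain.
Restart-Service -Name $ServiceName
'Restarted service {0}' -f $ServiceName
```

The chain check uses the default online revocation mode, so a server that cannot reach the CA's revocation endpoints will see the script stop with the reason printed as a warning.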