The Auth Connector connection status is green, but all users are showing up as unauthenticated.
The ThreatPulse (cloud) Auth Connector connection status is green (good) and connected in the Portal, but all users display as "Unauthenticated" users.
On the Windows server running the Auth Connector, the following SSL error (triggered by the Auth Connector) was seen in the Windows application event log:
"The certificate chain was issued by an authority that is not trusted."
After running this command:
netstat –an | find "443"
There were multiple connections to 199.116.173.xxx:443 in TIME_WAIT status.
NOTE: This IP address is one of the portal IP addresses, similar to those described in 000014870
After enabling debug logging for BCCA Auth Connector agent, it was seen that the connection to auth.threatpulse.com was successful (in the BCCA debug log), but the connection to the cloud service (IP similar to: 199.116.173.xxx) was failing with the above certificate error.