Threatpulse client in failed close state - Unable to connect to the Internet

<< Back to Knowledge Search



Blue Coat Threatpulse client is installed onto a workstation.
The workstation is unable to connect to the Internet.
Using version 1.4.12000.0 or lower of the ThreatPulse client
The MSI was installed using the /quiet parameter
Error:  Not Connected to ThreatPulse - Failure Mode (Closed)
Error:  HTTPS - Unknown
Error:  Tampering Detected
Error:  Server's certificate failed validation at depth: 1, CN = Entrust Certification Authority - L1C, error = unable to get local issuer certificate
Error:  Switching to DENY mode since certificate was invalid


To resolve the issue, please install the Entrust CA (2048) root certificate onto the workstation.  You can manually download the certificate from Entrust's site, or you can download the latest Microsoft root certificate update from Microsoft's web site.  This document will include both ways of updating the client.  NOTE:  The workstation is effectively shutdown and will be unable to reach the Internet.  You can download the necessary updates to a USB stick and install it onto the affected workstation from the USB drive.  If that is not possible to do, then please uninstall the client, install the Entrust CA (2048) certificate using one of the methods below, and reinstall the ThreatPulse client connector.



Please do the following steps:

1.)  Go to
2.)  Select Certificate Authority (2048)  (file download entrust_2048_ca.cer)  Direct file download is 
3.)  Double click on the downloaded root certificate and install it into the workstations root certificate store.
4.)  If the client is still installed on the workstation, reboot the workstation.  Once the certificate is properly installed, then the errors will go away.  If a single reboot doesn't remedy the problem, you may want to try another reboot.

NOTE:  It has been observed on some workstations that have not been updated in a long time, or workstations that do not have any patches beyond Windows XP SP3, that even with the Entrust Root CA (2048) installed, the client will continue to return the L1C error as described in the problem description.  The way to work around it is to go to and download and install the latest root certificate update patch.  Even with a workstation that has Windows XP SP3 and unpatched beyond that, installing the root cert update from KB931125 will be sufficient to get the client installed and working.  Blue Coat does not recommend that customers run with computers that far out of date as the computers can be exposed to security vulnerabilities in the operating system proper.



For Windows XP users, approximately once per quarter Microsoft updates their root certificates.  Blue Coat recommends that the latest root certificate update be installed onto the workstation.  This is done through Windows Update and is under the "Optional" downloads section.  Microsoft KB931125 ( documents the process for the various Windows OSes.



Right click on the ThreatPulse client connector shield in the system tray and select Status > Advanced > Show File.  Search the log file for "Entrust Certification Authority" and see if the error is contained in the log file and matches the error in the problem description above.  If so, then download the Entrust CA (2048) certificate and install it on the workstation.



The ThreatPulse client uses the Entrust CA (2048) root certificate.  This error occurs when the Entrust CA (2048) root certificate is not installed onto the workstation.  When the client is installed in interactive mode, it will detect if the root certficate is installed or not.  If the Entrust CA (2048) is not installed, then the client installation will fail.  However, when the client is run in non-interactive mode (/quiet switch used), then the root certificate check is not executed and the client will install.  Clients newer than 1.4.12000.0 will check for the existence of the Entrust Root CA (2048) in both interactive and non-interactive mode.  If you experience a problem with the client not checking for the existence of the Entrust root cert, please go to and download the latest version of the client and rerun your test.  If it continues to be an issue, then please contact Blue Coat Technical Support and open a service request.


Additional Information
Bug Number
InQuira Doc IdKB4968

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      11/24/2015
Last Published      11/24/2015
Article Audience
Product      Cloud Client Connector
Topic      Installation / Configuration
Article Number      000014070
Was this helpful?
Previous MonthNext Month