Here is the procedure Alex followed—a standard fix for this specific "TPM public key match" scenario:
For more information on Palo Alto Networks devices and TPM-related issues, check out the following resources:
Your firewall is configured with Machine Certificate under Network > GlobalProtect > Portals > Authentication > Client Certificate. If you updated the portal’s trusted CA list but did not update the , the firewall expects a public key from an old issuer.
Sometimes the local telemetry database hangs onto a bad cryptographic state. Flushing it clears the validation queue. Run the targeted local fetch command: request certificate fetch
If the Management Interface MTU is too high, packets containing the certificate data may be fragmented or dropped.
Policy Restrictions: paloalto-shared-services application being blocked in a security policy.
Registration Issues:
On the Gateway configuration: