Certificates - Troubleshooting

Connect - Website unreachable because service account "Connect" lacks read access to TLS certificate

Symptom:

When the ConnectServer Windows service is started under the dedicated service account "connect", the Web-UI returns "Can't reach this page" from every local or remote browser.

Running the service as SYSTEM or adding "connect" to the Administrators group resolves the issue, which indicates a permission problem.

Root Cause:

The service account "connect" could not read the private key of the TLS certificate.

Solution:

  1. Open mmc.exe → Certificates (Local Computer) → Personal → Certificates

  2. Locate the certificate used by "Connect" (issued to the server FQDN)

  3. Right-click → All Tasks → Manage Private Keys …

  4. Add → select the local user "connect", grant Read permission, OK

  5. Restart the Connect service
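The same grant can be scripted. The following PowerShell is an added example, not part of the original article; it covers RSA keys only, and the thumbprint placeholder and the service name 'ConnectServer' are assumptions to adjust for the actual installation.

```powershell
# Run in an elevated PowerShell session. Handles RSA private keys only.
# Assumptions (not from the article): the thumbprint placeholder and the
# service name 'ConnectServer'.
$thumbprint  = '<CERT-THUMBPRINT>'           # placeholder, copy from the certificate details
$account     = "$env:COMPUTERNAME\connect"   # local service account named in the article
$serviceName = 'ConnectServer'               # assumed Windows service name

$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key in the Local Machine store.' }

# Resolve the key's file name; CNG and legacy CSP keys expose it differently.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) { throw 'No RSA private key available for this certificate.' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw "Unsupported key type: $($rsa.GetType().FullName)"
}

# Software-stored machine keys are files under ProgramData.
$keyDirs = "$env:ProgramData\Microsoft\Crypto\Keys",
           "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
$keyFile = Get-ChildItem -Path $keyDirs -Filter $keyName -File -ErrorAction SilentlyContinue |
           Select-Object -First 1
if (-not $keyFile) { throw "Private key file '$keyName' not found in the machine key stores." }

# Grant Read only; the service account does not need Full Control.
$acl  = Get-Acl -Path $keyFile.FullName
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile.FullName -AclObject $acl

# Show the resulting ACL so the grant can be reviewed before restarting.
(Get-Acl -Path $keyFile.FullName).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

Restart-Service -Name $serviceName
```

Reviewing the printed ACL confirms that "connect" holds Read only and that no broader group was granted access to the key file.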

Prevention / Best Practice:

  • Always import the TLS certificate into the Local Machine store (not Current User).

  • Immediately grant Read access on the private key to the non-privileged service account.