I had an issue with XConnect on Sitecore installation, I have checked the Sitecore logs and found this:
StatusCode: 403, ReasonPhrase: 'Forbidden',
I reviewed the permissions of the Certificate. I was using for xconnect (A valid certificate) and everything was fine so I decided to check the IIS logs and found this (Xconnect Reference Data and XConnect Website):
2021-07-04 19:26:22 10.242.28.71 PUT /refdata/definitiontype/ensure - 443 - 10.242.28.68 - - 403 13 2148081683 5792
The IIS was show 403 13 this means:
HTTP 403.13 Forbidden: Client certificate revoked.
This article helped me understand what was going on:
https://techcommunity.microsoft.com/t5/iis-support-blog/client-certificate-revisited-how-to-troubleshoot-client/ba-p/348053
The environment that I was working is a Sitecore 10 without internet access, this means that server could not retrieve a CRL(Certificate revocation list).
I use the netsh command to check if "Verify Client Certificate Revocation" was enabled, and it was.
>netsh http show sslcert
I have two bidings for that Website:
Then I disabled using the netsh command, first you need to delete then you need to add again.
Delete:
>netsh http delete sslcert hostnameport=website.contoso.com:443
Add with Verify Client Certificate Revocation Disabled
On cmd
>netsh
>http
>add sslcert hostnameport=website.contoso.com:443 certhash=yourcerthash appid={appid} certstorename=My verifyclientcertrevocation=disable
After that I was able to access Sitecore Analytics.
I disabled the check for Xconnect Collection and Reference Data.