https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/135453#M23271 <P>Hello,</P><P>&nbsp;</P><P>currently we deploy checkpoint identity Agent in our enviroment.</P><P>&nbsp;</P><P>On most Users it's working like expected but on some users only Machine Information will be set after user login but the user account won't be detected:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp-ida-issue.JPG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14441i6F66B67C86E76571/image-size/medium?v=v2&amp;px=400" role="button" title="cp-ida-issue.JPG" alt="cp-ida-issue.JPG" /></span></P><P> </P><P>&nbsp;</P><P>If I logon on the same computer with another ActiveDirectory User Account then this user account will be detected from the agent.</P><P>&nbsp;</P><P>What can be the problem there and how can I debug this issue?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P><P>Florian</P> Fri, 03 Dec 2021 08:18:34 GMT Us4r 2021-12-03T08:18:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/135453#M23271 <P>Hello,</P><P>&nbsp;</P><P>currently we deploy checkpoint identity Agent in our enviroment.</P><P>&nbsp;</P><P>On most Users it's working like expected but on some users only Machine Information will be set after user login but the user account won't be detected:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp-ida-issue.JPG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14441i6F66B67C86E76571/image-size/medium?v=v2&amp;px=400" role="button" title="cp-ida-issue.JPG" alt="cp-ida-issue.JPG" /></span></P><P> </P><P>&nbsp;</P><P>If I logon on the same computer with another ActiveDirectory User Account then this user account will be detected from the agent.</P><P>&nbsp;</P><P>What can be the problem there and how can I debug this issue?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P><P>Florian</P> Fri, 03 Dec 2021 08:18:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/135453#M23271 Us4r 2021-12-03T08:18:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/135462#M23272 <P>This issue looks like in&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk120838&amp;partition=Advanced&amp;product=Identity" target="_blank">sk120838: Sometimes, output of "pep show user all" command does <STRONG>not</STRONG> show <STRONG>username</STRONG> in the "Username@Machine" column</A></P> <P>Further info:</P> <P><A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86441&amp;partition=Advanced&amp;product=Identity" target="_blank" rel="noopener">sk86441: ATRG: <STRONG>Identity</STRONG> Awareness</A></P> <P><A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk113232&amp;partition=Advanced&amp;product=Identity" target="_blank" rel="noopener">sk113232: <STRONG>Identity</STRONG> Awareness <STRONG>Agent</STRONG>: Network Communication and Process Summary</A></P> <P>&nbsp;</P> Fri, 03 Dec 2021 10:16:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/135462#M23272 G_W_Albrecht 2021-12-03T10:16:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/135598#M23273 <P>Hello,</P><P>&nbsp;</P><P>it looks like it's really a specific Problem of the active directory UserAccount. If this useraccount tries to logon on another compuer also the user won't be authenticated using kerberos.</P><P>&nbsp;</P><P>Anything else how I can debug this issue? Can this be something like a permission problem on the user Account in the active directory?</P> Mon, 06 Dec 2021 10:16:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/135598#M23273 Us4r 2021-12-06T10:16:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/146510#M23274 <P>Hi!</P><P>I'm deploying Identity Agent in our environment (VSX HA cluster in R81.10) and we're having exactly the same issue.</P><P>Did you managed to have a closure for this?</P><P>&nbsp;</P><P>thanx!</P> Tue, 19 Apr 2022 16:43:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/146510#M23274 David_M_Almas 2022-04-19T16:43:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/164216#M29391 <P>We had same issues has probably something to do with Kerberos ticket size for some users, in the pdp logs you might see PDPD (TD::Critical)] pdp::NACUrlProtocol::DataReceived: data length: 48578 ,exceeds the maximum of: 40974, try adjusting <STRONG>ccc_max_msg_size </STRONG>with DBedit tool, follow sk66087 <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk66087&amp;partition=Advanced&amp;product=Identity" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk66087&amp;partition=Advanced&amp;product=Identity</A></P><P>&nbsp;</P> Mon, 05 Dec 2022 16:57:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/164216#M29391 dehaasm 2022-12-05T16:57:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/166931#M30097 <P>For future reference.</P><P>-----------------------------------------------------------------------</P><P>After reporting this issue to TAC, they noticed this error in the IA Agent logs:<STRONG><BR /></STRONG></P><P><STRONG>[PDPD (TD::Critical)] pdp::NACUrlProtocol::DataReceived: data length: 9923 ,exceeds the maximum of: 8196</STRONG></P><P>&nbsp;</P><P>We then proceeded to increase the value ccc_max_msg_size using the following procedure (as always, please don't forget to perform a backup):</P><OL><LI>Connect with SmartConsole to the Security Management Server / Domain Management Server.</LI><LI>In the top left corner, click&nbsp;<STRONG><EM>Menu</EM></STRONG>&nbsp;&gt;&nbsp;<STRONG><EM>Database Revision Control</EM></STRONG>&nbsp;&gt; create a revision snapshot.</LI></OL><P>Note: Database Revision Control is not supported for VSX objects (<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk65420" target="_blank">sk65420</A>) and Endpoint Security Servers. Instead, if running SMS/DMS in a virtual machine perform a snapshot prior to the following procedure.</P><P>In addition, refer to:</P><OL><UL><LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108902" target="_blank">sk108902 - Best Practices - Backup on Gaia OS</A></LI><LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk91400" target="_blank">sk91400 - System Backup and Restore feature in Gaia</A></LI></UL></OL><P>Close&nbsp;<STRONG>all</STRONG>&nbsp;SmartConsole windows.</P><P>Verify by running the "<EM>cpstat mg</EM>" command on Security Management Server / in the context of&nbsp;<EM>each</EM>&nbsp;Domain Management Server.</P><OL><LI>Connect with&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk13009" target="_blank">GuiDBedit Tool</A>&nbsp;to the Security Management Server / Domain Management Server.</LI><LI>In the upper left pane, go to&nbsp;<STRONG><EM>Table</EM></STRONG>&nbsp;&gt;&nbsp;<STRONG><EM>Network Objects</EM></STRONG>&nbsp;&gt;&nbsp;<STRONG>network_objects</STRONG>.</LI><LI>In the upper right pane, select the relevant Gateway or Cluster object.</LI><LI>Press CTRL+F (or go to&nbsp;<STRONG><EM>Search</EM></STRONG>&nbsp;menu &gt;&nbsp;<STRONG><EM>Find</EM></STRONG>) &gt; paste&nbsp;<STRONG>ccc_max_msg_size&nbsp;</STRONG>&gt; click&nbsp;<STRONG><EM>Find Next</EM></STRONG>.</LI><LI>In the lower pane, right-click on the&nbsp;<STRONG>ccc_max_msg_size&nbsp;</STRONG>&gt; select&nbsp;<STRONG><EM>Edit</EM></STRONG>&nbsp;&gt; select "<STRONG><EM>65535</EM></STRONG>" &gt; click&nbsp;<STRONG><EM>OK</EM></STRONG>.</LI><LI>Save the changes: go to the&nbsp;<STRONG><EM>File</EM></STRONG>&nbsp;menu &gt; click&nbsp;<STRONG><EM>Save All</EM></STRONG>.</LI><LI>Close the GuiDBedit Tool.</LI><LI>Connect with SmartConsole to the Security Management Server / Domain Management Server.</LI><LI>Install the Security Policy onto the applicable Security Gateway / Cluster / VSX Virtual System object.</LI></OL> Fri, 06 Jan 2023 14:11:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-Identity-Agent-UserName-Identification-Problem-on/m-p/166931#M30097 David_M_Almas 2023-01-06T14:11:29Z