https://community.checkpoint.com/t5/General-Topics/SOLVED-Identity-Agent-Terminal-Server-Users-Not-Authenticated/m-p/248341#M41499 <P>Thanks for sharing!<BR />Identity Agents do require trusting the certificate issued by the gateway (signed via the Internal CA).</P> Wed, 07 May 2025 13:45:11 GMT PhoneBoy 2025-05-07T13:45:11Z https://community.checkpoint.com/t5/General-Topics/SOLVED-Identity-Agent-Terminal-Server-Users-Not-Authenticated/m-p/248279#M41486 <P class="">When installing <STRONG>Identity Agent Terminal Server v2</STRONG> on the Terminal Server, the users identified by the agent show as <STRONG>"Not Authenticated."<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IATS-users-Not-Authenticated.png" style="width: 939px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30420iB190A72568251895/image-size/large?v=v2&amp;px=999" role="button" title="IATS-users-Not-Authenticated.png" alt="IATS-users-Not-Authenticated.png" /></span><BR /></STRONG></P><P class="">Even though the <STRONG>Identity Agent Terminal Server</STRONG> is correctly configured — with <STRONG>Identity Awareness Blade settings properly set</STRONG>, firewall rules allowing communication with <STRONG>Active Directory</STRONG>, the <STRONG>LDAP Account Unit</STRONG> successfully connected, and <STRONG>Identity Awareness</STRONG> successfully authenticating users via <STRONG>Identity Agent Full and Light, AD Query, and Browser Authentication</STRONG> — users logged into the Terminal Server and authenticated in AD still face no apparent configuration issues.<BR /><BR />Identity Agent Terminal Server v2 connected, users identified&nbsp;<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="iats-connected.png" style="width: 971px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30425i2A2D338F80511072/image-size/large?v=v2&amp;px=999" role="button" title="iats-connected.png" alt="iats-connected.png" /></span></P><P class="">Running <STRONG>pdp monitor ip</STRONG> does not show any <STRONG>LogUsername, Groups, or Roles</STRONG> information.<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="pdp-monitor-ip-no-group-logusername-roles.png" style="width: 960px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30421iE2CF934BD698C2DD/image-size/large?v=v2&amp;px=999" role="button" title="pdp-monitor-ip-no-group-logusername-roles.png" alt="pdp-monitor-ip-no-group-logusername-roles.png" /></span></P><P class="">The <STRONG>SmartConsole displays the error:</STRONG></P><BLOCKQUOTE><P class=""><EM>"An error was detected while trying to authenticate against the AD server. It may be a problem of bad configuration or connectivity."</EM><BR />which creates confusion when troubleshooting, but leads to double-checking all configurations and ensuring the blade, rules, and LDAP Account Unit are correctly set up.</P></BLOCKQUOTE><P class=""><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="sm-iats-error-ad.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30423i9022872A20D849DE/image-size/large?v=v2&amp;px=999" role="button" title="sm-iats-error-ad.png" alt="sm-iats-error-ad.png" /></span><BR />When opening a case with <STRONG>TAC</STRONG>, further investigation in the agent ts logs revealed the issue was related to the <STRONG>Certificate note trusted</STRONG><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="imagem (2).png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30424i4800DCA20530EE35/image-size/large?v=v2&amp;px=999" role="button" title="imagem (2).png" alt="imagem (2).png" /></span></P><P class="">The firewall’s CA was being used correctly and was valid; however, when installing the <STRONG>Identity Agent Terminal Server</STRONG>, upon connection, a prompt appears to <STRONG>trust the CA</STRONG>. Before proceeding, it is necessary to <STRONG>install the CA into the Trusted Root Certification Authorities</STRONG>.<BR /><BR />To view the CA, click <STRONG>“view certificate”</STRONG> and install the CA <STRONG>&nbsp;into the Trusted Root Certification Authorities</STRONG>..</P><P class=""><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="install-ca-intalation-iats.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30426i3EEE120D549A2AD6/image-size/large?v=v2&amp;px=999" role="button" title="install-ca-intalation-iats.png" alt="install-ca-intalation-iats.png" /></span><BR /><BR /><BR /></P><P class="">After that, the <STRONG>Identity Agent will authenticate successfully</STRONG>.<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="solved-iats-users-authenticated.png" style="width: 935px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30427iF47A5CC91319E1DB/image-size/large?v=v2&amp;px=999" role="button" title="solved-iats-users-authenticated.png" alt="solved-iats-users-authenticated.png" /></span></P><P class=""><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="pdp-monitor-ip-showing-right-info.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30428iD17FEA7292E426C3/image-size/large?v=v2&amp;px=999" role="button" title="pdp-monitor-ip-showing-right-info.png" alt="pdp-monitor-ip-showing-right-info.png" /></span></P> Tue, 06 May 2025 22:49:52 GMT https://community.checkpoint.com/t5/General-Topics/SOLVED-Identity-Agent-Terminal-Server-Users-Not-Authenticated/m-p/248279#M41486 israelfds95 2025-05-06T22:49:52Z https://community.checkpoint.com/t5/General-Topics/SOLVED-Identity-Agent-Terminal-Server-Users-Not-Authenticated/m-p/248341#M41499 <P>Thanks for sharing!<BR />Identity Agents do require trusting the certificate issued by the gateway (signed via the Internal CA).</P> Wed, 07 May 2025 13:45:11 GMT https://community.checkpoint.com/t5/General-Topics/SOLVED-Identity-Agent-Terminal-Server-Users-Not-Authenticated/m-p/248341#M41499 PhoneBoy 2025-05-07T13:45:11Z