topic Re: Identity Awarness with windows server 2025 in General Topics

Identity Awarness with windows server 2025

Victus — Fri, 23 Jan 2026 15:44:27 GMT

Hello Checkmate,

Is windows server 2025 can be used to configure Identity Awarness?

This SK does not saying nothing about it : sk108235 - Identity Collector - Technical Overview

But I get this in the log when IC tries Identity Propagation : "An error was detected while trying to authenticate against the AD server. It may be a problem of bad configuration or connectivity. Please refer to the troubleshooting guide for more help"

In my Identity Collector configuration, my identity Sources (DCs on windows server 2025) are active, It receive Event and the status is Connected. The Identity Server (the FW 1600 appliance) seems Connected).

Please advise if you have any information about this.

Thanks

Re: Identity Awarness with windows server 2025

PhoneBoy — Fri, 23 Jan 2026 21:38:36 GMT

I'd check some of what's mentioned in this SK: https://support.checkpoint.com/results/sk/sk164834

Re: Identity Awarness with windows server 2025

Chris_Atkinson — Sat, 24 Jan 2026 03:10:50 GMT

In general Identity Collector support for Windows Server 2025 is confirmed in sk134312

Re: Identity Awarness with windows server 2025

Vincent_Bacher — Sat, 24 Jan 2026 08:40:02 GMT

Where exactly do you see the error

"An error was detected while trying to authenticate against the AD server. It may be a problem of bad configuration or connectivity. Please refer to the troubleshooting guide for more help"

I guess you can see this in SmartLog and the error is generated by the gateway, correct? It also attempts to connect to the AD server in order to obtain the group memberships, including nested groups, via one or multiple LDAP queries so that it can determine the access roles of the session or user.
At least, that is how it works when a user comes in via IA agent, and it should be the same with IDC.

Re: Identity Awarness with windows server 2025

the_rock — Sat, 24 Jan 2026 09:34:28 GMT

Will see if I can find a post someone made about it recently where they were using windows server 2025, but looks like sk Chris gave confirms it.

Re: Identity Awarness with windows server 2025

Vincent_Bacher — Sat, 24 Jan 2026 09:43:05 GMT

I would still want to look into the error message mentioned; I think it should be eliminated if possible.

Re: Identity Awarness with windows server 2025

the_rock — Sat, 24 Jan 2026 09:48:06 GMT

Agree 100%, Vince. Let me see if we have windows server 2025 image spun up in eve ng, I can try it later.

Re: Identity Awarness with windows server 2025

Vincent_Bacher — Sat, 24 Jan 2026 09:51:37 GMT

I guess this message is not really related to the windows server release but more likely to the AU config but I may be wrong.

Re: Identity Awarness with windows server 2025

Vincent_Bacher — Sat, 24 Jan 2026 09:58:45 GMT

If I may, I would like to explain the reason for my message. It is my understanding that this message is well known in our organisation and is usually caused by issues in the AU configuration or the missing AU or LDAP query option.

However, given that we do not use IDC to connect to AD, it is possible that the situation here differs. I may of course be mistaken.

Re: Identity Awarness with windows server 2025

the_rock — Sat, 24 Jan 2026 12:43:18 GMT

Not sure if this could be related, but I did quick AI search and below is what it gave me...worth checking:

Why you see: “An error was detected while trying to authenticate against the AD server…”

That exact SmartLog error is generally tied to LDAP/Account Unit configuration issues. Check Point’s SK for this message states the cause is LDAP configuration-related, with multiple possible reasons. [supportcen...kpoint.com]

Given your environment (DCs on Windows Server 2025), the most likely reason is:

✅ The gateway is trying to talk to AD using LDAP (389) or non-SSL settings, but AD 2025 requires LDAPS for the Identity Awareness gateway connection. [sc1.checkpoint.com]

Re: Identity Awarness with windows server 2025

Vincent_Bacher — Sat, 24 Jan 2026 13:18:15 GMT

That is basically exactly what I explained above, correct?

Re: Identity Awarness with windows server 2025

the_rock — Sat, 24 Jan 2026 13:19:34 GMT

Yep, you got it. Not saying that is exact reason, but seems related.

Re: Identity Awarness with windows server 2025

Vincent_Bacher — Sat, 24 Jan 2026 13:23:31 GMT

LDAP/LDAPS is one of the reasons I faced before. Simple things like wrong user/pass or just locked account of the user are other faced issues but most of them related to the AU

Re: Identity Awarness with windows server 2025

the_rock — Sat, 24 Jan 2026 13:24:36 GMT

My experience is more less the same. Definitely worth double checking on it.

Re: Identity Awarness with windows server 2025

Victus — Mon, 26 Jan 2026 19:31:26 GMT

Thank you all for the contribution.

I'll try to activate LDAPS when configuring LDAP account in smart console.