Victus
Explorer

Identity Awareness with Windows Server 2025

Hello Checkmate,

Can Windows Server 2025 be used to configure Identity Awareness?

This SK does not say anything about it: sk108235 - Identity Collector - Technical Overview

But I get this in the log when IC tries Identity Propagation : "An error was detected while trying to authenticate against the AD server. It may be a problem of bad configuration or connectivity. Please refer to the troubleshooting guide for more help"

In my Identity Collector configuration, my identity sources (DCs on Windows Server 2025) are active, they receive events and the status is Connected. The Identity Server (the FW 1600 appliance) also seems Connected.

Please advise if you have any information about this.

Thanks

0 Kudos
2 Solutions

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP

In general Identity Collector support for Windows Server 2025 is confirmed in sk134312

CCSM R77/R80/ELITE


14 Replies
PhoneBoy
Admin

I'd check some of what's mentioned in this SK: https://support.checkpoint.com/results/sk/sk164834 

Victus
Explorer

Thank you all for the contribution.

I'll try to activate LDAPS when configuring LDAP account in smart console.

0 Kudos
Vincent_Bacher
MVP Silver

Where exactly do you see the error

"An error was detected while trying to authenticate against the AD server. It may be a problem of bad configuration or connectivity. Please refer to the troubleshooting guide for more help"

I guess you can see this in SmartLog and the error is generated by the gateway, correct? It also attempts to connect to the AD server in order to obtain the group memberships, including nested groups, via one or multiple LDAP queries so that it can determine the access roles of the session or user.
At least, that is how it works when a user comes in via IA agent, and it should be the same with IDC.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
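To make the group lookup described in the reply above concrete, here is an added example (not Check Point's code, and not from any poster in this thread) of how a gateway-style lookup expands nested AD group membership into access roles. The directory snapshot, user and group DNs, and the role mapping are all constructed stand-ins for what the gateway would fetch from AD with LDAP queries; the example also handles a group cycle, which real directories can contain.

```python
"""Added example: transitive (nested) group resolution and access-role matching.
DIRECTORY and ACCESS_ROLES are constructed, hypothetical data."""

from collections import deque

# Constructed snapshot of AD group objects: group DN -> its 'member' attribute values.
DIRECTORY = {
    "CN=Finance-All,OU=Groups,DC=example,DC=local": [
        "CN=Finance-EU,OU=Groups,DC=example,DC=local",
        "CN=alice,OU=Users,DC=example,DC=local",
    ],
    "CN=Finance-EU,OU=Groups,DC=example,DC=local": [
        "CN=bob,OU=Users,DC=example,DC=local",
        "CN=Finance-All,OU=Groups,DC=example,DC=local",  # deliberate cycle
    ],
    "CN=VPN-Users,OU=Groups,DC=example,DC=local": [
        "CN=Finance-All,OU=Groups,DC=example,DC=local",
    ],
    "CN=IT-Admins,OU=Groups,DC=example,DC=local": [
        "CN=carol,OU=Users,DC=example,DC=local",
    ],
}

# Hypothetical access-role definitions: role name -> groups that grant it.
ACCESS_ROLES = {
    "Finance_Role": {"CN=Finance-All,OU=Groups,DC=example,DC=local"},
    "RemoteAccess_Role": {"CN=VPN-Users,OU=Groups,DC=example,DC=local"},
    "Admin_Role": {"CN=IT-Admins,OU=Groups,DC=example,DC=local"},
}


def direct_groups(directory, member_dn):
    """Stand-in for the LDAP query '(member=<dn>)': groups listing dn directly."""
    return {group for group, members in directory.items() if member_dn in members}


def nested_groups(directory, user_dn):
    """Expand membership transitively (group-of-group) without looping on cycles.
    Returns (set of group DNs, number of simulated LDAP queries issued)."""
    seen = set()
    queue = deque(direct_groups(directory, user_dn))
    queries = 1  # the first query is for the user object itself
    while queue:
        group = queue.popleft()
        if group in seen:
            continue  # cycle or diamond: already expanded
        seen.add(group)
        queries += 1
        queue.extend(direct_groups(directory, group) - seen)
    return seen, queries


def access_roles(directory, roles, user_dn):
    """Roles whose granting groups intersect the user's full (nested) membership."""
    groups, _ = nested_groups(directory, user_dn)
    return sorted(role for role, grant in roles.items() if grant & groups)


if __name__ == "__main__":
    bob = "CN=bob,OU=Users,DC=example,DC=local"
    groups, n = nested_groups(DIRECTORY, bob)
    print(f"{bob}: {len(groups)} groups after {n} queries -> {access_roles(DIRECTORY, ACCESS_ROLES, bob)}")
```

Bob is only a direct member of Finance-EU, yet he ends up with both the finance and the remote-access role because Finance-EU sits inside Finance-All, which in turn sits inside VPN-Users. Every hop is one more LDAP query against the DC, which is why a bind or query failure at the Account Unit level surfaces as "cannot authenticate against the AD server" rather than as a missing identity.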
the_rock
MVP Diamond

Will see if I can find a post someone made about it recently where they were using Windows Server 2025, but it looks like the SK Chris gave confirms it.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Vincent_Bacher
MVP Silver

I would still want to look into the error message mentioned; I think it should be eliminated if possible.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Diamond

Agree 100%, Vince. Let me see if we have a Windows Server 2025 image spun up in EVE-NG; I can try it later.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Vincent_Bacher
MVP Silver

I guess this message is not really related to the Windows Server release but more likely to the AU config, but I may be wrong.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Vincent_Bacher
MVP Silver

If I may, I would like to explain the reason for my message. It is my understanding that this message is well known in our organisation and is usually caused by issues in the AU configuration or the missing AU or LDAP query option.

However, given that we do not use IDC to connect to AD, it is possible that the situation here differs. I may of course be mistaken.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Diamond

Not sure if this could be related, but I did a quick AI search and below is what it gave me... worth checking:

Why you see: “An error was detected while trying to authenticate against the AD server…”

That exact SmartLog error is generally tied to LDAP/Account Unit configuration issues. Check Point’s SK for this message states the cause is LDAP configuration-related, with multiple possible reasons. [supportcen...kpoint.com]

Given your environment (DCs on Windows Server 2025), the most likely reason is:

The gateway is trying to talk to AD using LDAP (389) or non-SSL settings, but AD 2025 requires LDAPS for the Identity Awareness gateway connection. [sc1.checkpoint.com]

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
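The LDAP-versus-LDAPS point above is easy to misdiagnose from the gateway log alone, because "port open" and "speaks TLS" are different questions. The following is an added example (not Check Point tooling, and not posted by anyone in this thread) that probes the DC address an Account Unit points at the way an LDAPS client would, and tells apart "reachable and TLS works", "reachable but answers in plaintext", "certificate not trusted" and "connection refused". The host, port and CA file are assumptions to be replaced; the in-process plaintext listener is a constructed stand-in for a DC answering on 389.

```python
"""Added example: classify what a DC port does when an LDAPS client connects.
Host/port/CA file are placeholders; the listener below is a constructed stand-in."""

import socket
import ssl
import threading


def probe_ldaps(host, port=636, cafile=None, timeout=3.0):
    """Attempt a TLS handshake on host:port with hostname and chain verification.
    Returns a dict whose 'status' is one of: ok, cert_error, not_tls, refused, timeout, error."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain + hostname by default
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"status": "ok", "protocol": tls.version(),
                        "subject": tls.getpeercert().get("subject")}
    except ssl.SSLCertVerificationError as exc:  # subclass of SSLError, so test it first
        return {"status": "cert_error", "detail": str(exc)}
    except ssl.SSLError as exc:
        # Typical when the port answers with a plaintext LDAP message instead of a ServerHello.
        return {"status": "not_tls", "detail": exc.reason}
    except ConnectionRefusedError:
        return {"status": "refused"}
    except socket.timeout:
        return {"status": "timeout"}
    except OSError as exc:  # unreachable network, DNS failure, etc.
        return {"status": "error", "detail": str(exc)}


def _plaintext_listener(ready):
    """Constructed stand-in for a DC on the plain LDAP port: whatever the client
    sends (here a TLS ClientHello), it replies with non-TLS bytes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(5)
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()
    try:
        conn, _ = srv.accept()
        conn.recv(4096)
        # BER-style bytes beginning with 0x30 ('0'), not a TLS record (0x16)
        conn.sendall(b"0\x0c\x02\x01\x01a\x07\n\x01\x02\x04\x00\x04\x00")
        conn.close()
    except socket.timeout:
        pass
    finally:
        srv.close()


def demo_plaintext_port():
    """Probe a port that is open but does not speak TLS -> status 'not_tls'."""
    ready = {"event": threading.Event()}
    t = threading.Thread(target=_plaintext_listener, args=(ready,), daemon=True)
    t.start()
    ready["event"].wait(5)
    result = probe_ldaps("127.0.0.1", ready["port"])
    t.join(5)
    return result


def demo_closed_port():
    """Probe a port nothing listens on -> status 'refused'."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        port = s.getsockname()[1]
    return probe_ldaps("127.0.0.1", port)


if __name__ == "__main__":
    print("open but plaintext:", demo_plaintext_port())
    print("closed port:      ", demo_closed_port())
    # Against a real DC (placeholder values):
    # print(probe_ldaps("dc01.example.local", 636, cafile="/path/to/enterprise-root-ca.pem"))
```

A "not_tls" result on 636 means something other than LDAPS is answering there; "cert_error" means the DC does speak TLS but the gateway would not trust its certificate, which points at the CA trust side of the Account Unit configuration rather than at connectivity.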
Vincent_Bacher
MVP Silver

That is basically exactly what I explained above, correct?

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Diamond

Yep, you got it. Not saying that is exact reason, but seems related.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Vincent_Bacher
MVP Silver

LDAP/LDAPS is one of the reasons I have faced before. Simple things like a wrong user/password or a locked account for the user are other issues I have faced, but most of them were related to the AU.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Diamond

My experience is more or less the same. Definitely worth double checking on it.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos