When installing Identity Agent Terminal Server v2 on the Terminal Server, the users identified by the agent show as "Not Authenticated."

This happens even though the Identity Agent Terminal Server is correctly configured: the Identity Awareness Blade settings are properly set, firewall rules allow communication with Active Directory, the LDAP Account Unit is successfully connected, and Identity Awareness successfully authenticates users via Identity Agent Full and Light, AD Query, and Browser Authentication. Users are logged into the Terminal Server and authenticated in AD, and there are no apparent configuration issues.
Identity Agent Terminal Server v2 connected, users identified

Running pdp monitor ip does not show any LogUsername, Groups, or Roles information.

The SmartConsole displays the error:
"An error was detected while trying to authenticate against the AD server. It may be a problem of bad configuration or connectivity."
which creates confusion when troubleshooting, but leads to double-checking all configurations and ensuring the blade, rules, and LDAP Account Unit are correctly set up.

After opening a case with TAC, further investigation in the agent TS logs revealed that the issue was related to the certificate not being trusted.

The firewall’s CA was being used correctly and was valid; however, when installing the Identity Agent Terminal Server, upon connection, a prompt appears to trust the CA. Before proceeding, it is necessary to install the CA into the Trusted Root Certification Authorities.
To view the CA, click “view certificate” and install the CA into the Trusted Root Certification Authorities.

After that, the Identity Agent will authenticate successfully.
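
The same trust step can be scripted for several Terminal Servers. The PowerShell below is an added example, not part of the original post or of Check Point's tooling: it checks the exported CA file against a thumbprint confirmed out of band before adding it to the Trusted Root store. The file path, the thumbprint value and the choice of the machine-wide store are assumptions.

```powershell
# Added example. Run from an elevated prompt (writing to LocalMachine\Root requires it).
param(
    # Placeholder: CA certificate saved from the "view certificate" dialog.
    [string]$CaFile = 'C:\Temp\gateway-ca.cer',
    # Placeholder: thumbprint confirmed with the gateway administrator.
    [string]$ExpectedThumbprint = '<THUMBPRINT-OF-GATEWAY-CA>',
    # Assumption: the machine-wide Trusted Root Certification Authorities store.
    [string]$Store = 'Cert:\LocalMachine\Root'
)

$ErrorActionPreference = 'Stop'

# Normalise the expected value (strip spaces/colons) and require 40 hex characters (SHA-1).
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($expected.Length -ne 40) {
    throw "Expected thumbprint is not a 40-character hex string; refusing to continue."
}

# Load the certificate from the file without installing it.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaFile

# Fail closed: never add a root that does not match the value confirmed out of band.
if ($ca.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($ca.Thumbprint), expected $expected."
}

# A CA outside its validity period would still leave the agent unable to trust the gateway.
$now = Get-Date
if ($now -lt $ca.NotBefore -or $now -gt $ca.NotAfter) {
    throw "CA certificate is outside its validity period ($($ca.NotBefore) to $($ca.NotAfter))."
}

# Install only if the certificate is not already in the store.
$present = Get-ChildItem -Path $Store | Where-Object { $_.Thumbprint -eq $ca.Thumbprint }
if ($present) {
    Write-Output "Already trusted: $($ca.Subject) [$($ca.Thumbprint)]"
} else {
    Import-Certificate -FilePath $CaFile -CertStoreLocation $Store | Out-Null
    Write-Output "Installed into ${Store}: $($ca.Subject) [$($ca.Thumbprint)]"
}
```

With the placeholder thumbprint left unchanged the script stops at the length check, so nothing is trusted until a real value is supplied.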

