Identity Collector not receiving events after MS "...

Tecki0815 · ‎2025-06-18

Hello,

we have installed Microsoft "Defender For Identity" on Domain Controllers.

Since then, the Check Point Identity Collector, which is used für Identity-Based access rules is not getting login/logout events any more.

Before the Microsoft "Defender For Identity" installation every thing worked fine.

And is it "normal" that the SMO has connected Identity controllers ?

Jut one SGM (we have just 2 and one group) has conneced Identity controllers

[Expert@SMO:0]# pdp idc status
No connected Identity Collectors

[Expert@SMO:0]#

Does any one have any idea how to fix this ?

Thanks

PhoneBoy · ‎2025-06-18

Perhaps debugging Identity Collector will provide a clue: https://sc1.checkpoint.com/documents/Identity_Awareness_Clients_Admin_Guide/Content/Topics-IA-Client...

Chris_Atkinson · ‎2025-06-18

Which version of IDC is being used in the environment?

CCSM R77/R80/ELITE

Tecki0815 · ‎2025-06-19

the IDC version is R82.120

but most probably it is not related to sk183573 as I do not see any log containing "Win32 Error: Thread::Start "
and I have already CPIdentityCollector_R81.120.0291.msi.7z

which is beeing installed soon, but like already stated, this is most probbably not the root cause

Best Regards

Identity Collector not receiving events after MS "Defender For Identity" was installed