The TS agent is monitoring all users logged in on the Citrix machine and sends them (in UPN format - user@domain) to the PDP gateway.
My assumption is that a service account was logged into the Citrix machine and therefore was transferred to the gateway.
The fact that this domain was not configured on Check Point side (which is right!) cause this error, as the authorization phase for this user fails.
I suggest opening case with TAC, to verify this. You can also ask for fixed agent which allows excluding specific users to be sent to the PDP gateway.
Group manager, Identity Awareness R&D