Ryan_Ryan
Advisor

Identity Agent Revoke IP

Hi guys,

I have found an issue and it's apparent on at least two of our customers' firewalls. When the terminal server multi user agent is connected, if we click disconnect from gateway in the agent window, or if I run the command "pdp control revoke_ip", the agent will never be able to reconnect. Even after uninstalling the agent, rebooting and reinstalling, the agent will no longer reconnect.

Is there any possibility the Check Point or the Windows server has revoked the SSL certificate, meaning until I delete that revocation it will never connect? Even after months, the client cannot reconnect, so it seems something has permanently blocked this connection (where other clients are still connected without issue), but I can't figure out where this is happening.

Thanks

0 Kudos
3 Replies

You do not mention the version used - for R77.30, pdp control revoke_ip should not terminate the connection (according to sk122838), but if you try to connect to the web resource again, you should be redirected to the Captive Portal (see Identity Awareness Administration Guide R77 Versions p.79).

So after disconnect, when trying to connect again the user must authenticate again. I would involve TAC here as this behaviour is not as expected.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Ryan_Ryan
Advisor

Forgot that! It's R77.30.

I also forgot to mention this is the Multi User Host agent (although it may also be present in the single user agent - have not tried that yet). Anyone else who has it installed, feel free to give it a try: if you click disconnect from gateway on the agent, or if you click revoke IP, once the agent then shows disconnected, you will not get it to reconnect. Although I did have success on one machine by uninstalling, rebooting and reinstalling, I have had other machines where even doing that doesn't fix it. It seems once you click that button you are stuck (repairing connection doesn't work, factory reset settings doesn't work).

Would be very interested if someone else was able to confirm this behaviour.

0 Kudos

I did know that the MUH Agent is used, but I found nothing more even in sk66761. The Admin Guide speaks of "Configure a shared secret between the Terminal Servers Identity Agents and the gateway". But then, it should just work...

This sounds like a Windows registry issue - sometimes, uninstall fails to clean the registry. sk118612 gives it as HKEY_USERS\S-1-5-18\Software\CheckPoint\IA

CCSE CCTE CCSM SMB Specialist
0 Kudos