This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Stuart_Green
Collaborator
‎2018-08-01 06:47 AM

MUH Identity Awareness Agent on Citrix randomly disconnects

Hi,

Has anyone encountered this issue with the MUH Identity Awareness Agent running on Citrix servers?  Initial connection works just fine but then after a few days it just disconnects and stops forwarding identities.  Event log on the server says that it is connected but the agent doesn't report that.  Screenshot is attached.  There doesn't seem to be an sk relating to this so I'm wondering if it is a bug?  It's an R80.10 environment running JHF112 and SC Take 056.

TIA,

Stu

Preview file
34 KB
18 Replies
Larry_Birch
Contributor
‎2018-08-01 08:46 AM

This may not be related, however, check what ports your citrix servers are using and then ensure that they are excluded in Controller/Multi User host settings.

Stuart_Green
Collaborator
‎2018-08-01 01:41 PM
In response to Larry_Birch

Thanks Larry, will check that out.

0 Kudos
Stuart_Green
Collaborator
‎2018-08-06 07:45 AM
In response to Larry_Birch

Pretty much as expected.  Excluded ports on the MUH are 1-9999 (TCP and UDP) and none of the Citrix ports are outside of that range.

This happens on physical Citrix servers and virtual so it doesn't appear to be an issue with virtualisation.  Memory and CPU aren't maxed out all the time on the servers.

Have upped the allowed ports to 1200 per user from the default of 900 per user but fault is still the same.

Marco_Valenti
Advisor
‎2018-08-01 09:28 AM

did you use trend micro on your ts?

Stuart_Green
Collaborator
‎2018-08-01 01:41 PM
In response to Marco_Valenti

Hi Marco,

Not on these servers.  There's precious little running on them other than the Citrix services.

Sajid_Abbas
Contributor
‎2018-10-08 05:19 PM

Hi,

Did anyone resolve this issue. Been getting same error as in snapshot and its pretty random. One or few of the servers in the group would be connected and then later on disconnected.

Still working with TAC no sk on it (at least not for R80).

Sajid

Stuart_Green
Collaborator
‎2018-10-11 01:18 PM
In response to Sajid_Abbas

What agents do you have enabled on the Identity Awareness properties on the gateway? We found that by looking in the MUH Agent logs there were some strange file not found errors so we enabled all of the Identity Awareness methods (which cured the problem) and then turned them off, one by one, until the problem returned. The result was leaving AD, Terminal Services and Identity Agents switched on and it’s been fine ever since. 

0 Kudos
Sajid_Abbas
Contributor
‎2018-10-18 02:04 PM
In response to Stuart_Green

Hi Stuart,

The agent installed is R80.102.0000

We have AD and TS enabled. For Identity agents, did you just enable it with default setting or modified them.

I've also noticed that for any TS agents that are connected, no username information is seen on logs. Seems like the whole solution is not working. 

Sajid

Stuart_Green
Collaborator
‎2018-10-29 07:39 AM
In response to Sajid_Abbas

Just enable the Identity Agents on the gateway with no additional config and then push policy - it might just work.

Alexei_Subbotsk
Explorer
‎2019-03-08 02:42 PM
In response to Stuart_Green

Thanks, this really helps to fix the Log In issues with the TS agent.

Arthur_DENIS1
Advisor
‎2019-09-10 02:51 AM
In response to Alexei_Subbotsk

Hi,

I got a similar problem with FW in R80.20, MUH agent 80.191.0000

We got a randomly disconnection from citrix, sometimes for Outlook, sometimes web, ....

Identity Agents and Terminal Servers enabled.

Nothing relevant in the MUH agents logs or UIP drivers logs.

 

Do you have somes tips to help me with this issue ?

Thanks,

Arthur

Arthur_DENIS1
Advisor
‎2019-10-23 01:46 AM
In response to Arthur_DENIS1

Issue solved for us by enabling the Port Probing mechanism!

This is a new behavior with R80.X version, because was working fine with R77 without this mechanism...

 

But solved in our envoironment.

Marco_Stanger
Explorer
‎2019-10-23 01:46 PM
In response to Arthur_DENIS1

👍

0 Kudos
SCSupport
Contributor
‎2020-01-07 08:48 AM
In response to Marco_Stanger

Hi Guys,

 

Would someone be able to explain what Port Probing mechanism is and where we can enable this ?.

Thank you

 

Kam

0 Kudos
DIEHARD
Participant
‎2020-05-12 12:51 PM
In response to Arthur_DENIS1

I am curious to know as well what this "Port Probing mechanism" is and where to view it's settings too as I am having all kinds of issues with TS servers Agents loosing their connections.

0 Kudos
Steve_Payne
Participant
‎2020-05-14 09:27 PM
In response to DIEHARD

Check sk117089 for details.
Robson_Rey_Lope
Explorer
‎2020-05-15 06:56 AM
In response to Steve_Payne

Thanks, but it didn't work for me. I believe my problem is a specific host. Another host is working fine. I'll go back to analysis!
0 Kudos
Robson_Rey_Lope
Explorer
‎2020-05-14 10:49 AM
In response to Arthur_DENIS1

Hi,

 

Please, you may explain your solution, I don't know where you set this parameter.

 

Thank

0 Kudos