- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi,
Has anyone encountered this issue with the MUH Identity Awareness Agent running on Citrix servers? Initial connection works just fine but then after a few days it just disconnects and stops forwarding identities. Event log on the server says that it is connected but the agent doesn't report that. Screenshot is attached. There doesn't seem to be an sk relating to this so I'm wondering if it is a bug? It's an R80.10 environment running JHF112 and SC Take 056.
TIA,
Stu
This may not be related, however, check what ports your citrix servers are using and then ensure that they are excluded in Controller/Multi User host settings.
Thanks Larry, will check that out.
Pretty much as expected. Excluded ports on the MUH are 1-9999 (TCP and UDP) and none of the Citrix ports are outside of that range.
This happens on physical Citrix servers and virtual so it doesn't appear to be an issue with virtualisation. Memory and CPU aren't maxed out all the time on the servers.
Have upped the allowed ports to 1200 per user from the default of 900 per user but fault is still the same.
did you use trend micro on your ts?
Hi Marco,
Not on these servers. There's precious little running on them other than the Citrix services.
Hi,
Did anyone resolve this issue. Been getting same error as in snapshot and its pretty random. One or few of the servers in the group would be connected and then later on disconnected.
Still working with TAC no sk on it (at least not for R80).
Sajid
What agents do you have enabled on the Identity Awareness properties on the gateway? We found that by looking in the MUH Agent logs there were some strange file not found errors so we enabled all of the Identity Awareness methods (which cured the problem) and then turned them off, one by one, until the problem returned. The result was leaving AD, Terminal Services and Identity Agents switched on and it’s been fine ever since.
Hi Stuart,
The agent installed is R80.102.0000
We have AD and TS enabled. For Identity agents, did you just enable it with default setting or modified them.
I've also noticed that for any TS agents that are connected, no username information is seen on logs. Seems like the whole solution is not working.
Sajid
Just enable the Identity Agents on the gateway with no additional config and then push policy - it might just work.
Thanks, this really helps to fix the Log In issues with the TS agent.
Hi,
I got a similar problem with FW in R80.20, MUH agent 80.191.0000
We got a randomly disconnection from citrix, sometimes for Outlook, sometimes web, ....
Identity Agents and Terminal Servers enabled.
Nothing relevant in the MUH agents logs or UIP drivers logs.
Do you have somes tips to help me with this issue ?
Thanks,
Arthur
Issue solved for us by enabling the Port Probing mechanism!
This is a new behavior with R80.X version, because was working fine with R77 without this mechanism...
But solved in our envoironment.
👍
Hi Guys,
Would someone be able to explain what Port Probing mechanism is and where we can enable this ?.
Thank you
Kam
I am curious to know as well what this "Port Probing mechanism" is and where to view it's settings too as I am having all kinds of issues with TS servers Agents loosing their connections.
Hi,
Please, you may explain your solution, I don't know where you set this parameter.
Thank
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY