Roy_Smith
Collaborator

Question about Identity Awareness

Hi

We have 8 domain controllers in our AD domain and these are all listed in an LDAP Account Unit which is then used as part of Identity Awareness. This works fine and has done for many years.

However, last week one of the physical domain controllers went down and stayed down for a few days until it could be repaired. Nothing was affected immediately, but after a few days, we noticed that VPN users were not connecting to one of the RA gateways, although they could connect to another gateway that we have. Looking into it, the logs did not show the user names for the users connecting, which it normally does. To resolve it, we removed the DC from the LDAP Account Unit, pushed policy and everything worked again.

So, my question is - why did it take several days before we saw an issue with the missing DC? Is there some sort of timeout or caching going on here?

Any help to understand this better would be much appreciated.

Many Thanks
Roy

PhoneBoy
Admin

Probably caching, yes.
You can see some discussion of this here: https://community.checkpoint.com/t5/Policy-Management/Access-Role-and-Machine-name/m-p/54701/highlig...

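A check a practitioner would want for the scenario above, added here as an example that is not part of the original thread and not Check Point code: a small script that TCP-connects to the LDAP(S) port of every domain controller listed in the Account Unit, so a DC that has gone down is flagged straight away rather than only once the gateway stops working. The hostnames and ports in the list are assumptions for illustration; the script tests port reachability only and does not perform an LDAP bind, so it proves a DC is down, not that it is fully healthy.

```python
"""Reachability check for the domain controllers listed in an LDAP Account Unit.

Added example, not Check Point's own tooling. ACCOUNT_UNIT_DCS is a constructed
list; replace it with the servers actually configured in your Account Unit.
"""
import socket
from dataclasses import dataclass

# Hypothetical DC list (host, port). 636 = LDAPS, 389 = plain LDAP.
ACCOUNT_UNIT_DCS = [
    ("dc01.corp.example", 636),
    ("dc02.corp.example", 636),
]


@dataclass(frozen=True)
class DcStatus:
    host: str
    port: int
    reachable: bool
    detail: str


def check_dc(host: str, port: int = 636, timeout: float = 3.0) -> DcStatus:
    """TCP-connect to the DC's LDAP(S) port with a hard timeout.

    This only proves the port accepts connections; it does not bind or
    authenticate. A DC that is physically down (the case in the thread)
    fails here immediately, independent of any cache on the gateway.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return DcStatus(host, port, True, "tcp connect ok")
    except OSError as exc:  # refused, unreachable, DNS failure or timeout
        return DcStatus(host, port, False, f"{type(exc).__name__}: {exc}")


def unreachable_dcs(dcs, timeout: float = 3.0) -> list[DcStatus]:
    """Return the DCs that are down and should be repaired or removed from
    the Account Unit before the gateway starts failing lookups."""
    return [s for s in (check_dc(h, p, timeout) for h, p in dcs) if not s.reachable]


if __name__ == "__main__":
    for h, p in ACCOUNT_UNIT_DCS:
        s = check_dc(h, p)
        print(f"{s.host}:{s.port} {'UP' if s.reachable else 'DOWN'} ({s.detail})")
```

Run it from a host that has the same network path to the DCs as the gateway (a cron job on a management or monitoring box is enough); any DOWN entry is a candidate for removal from the Account Unit and a policy push, which is exactly the fix applied in the thread.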