kaushik28
Explorer

connection aborted error sometimes.

Check Point's Linux SNX  (for rhel7 )

build 800010003

When I used the -g option, the log has the following errors for a failed login attempt:

CP_gethostbyname Failed to resolve hostname ‘fqdn’

rand_add_seedfile Failed to read seed from registry Operation not permitted

fwrand_write_seed Failed to read seed from registry Operation not permitted

fwrand_write_seed Failed to write seed Operation not permitted snx_browser Failure entering with code: 3

 

Only a few users are getting this error. Otherwise, for most other users it establishes fine on the same host.

 

8 Replies
PhoneBoy
Admin

When you say "on the same host" what precisely do you mean?
User A on host X is successful, but user B on host X is not?
Are they doing it at the same time or different times?
If you create a brand new user on the same host, does it work?
Please clarify the situation and include the version/JHF level of the gateway you are connecting to.

kaushik28
Explorer

User A on host X is successful, but user B on host X is not?  correct
Are they doing it at the same time or different times?  different  (snx won't start again if session already exists)
If you create a brand new user on the same host, does it work?  (it works for all other new or old users)
Please clarify the situation and include the version/JHF level of the gateway you are connecting to. (it's snx build 800010003 for Linux - not sure how to find out the JHF level)

kaushik28
Explorer

Basically these are the two scenarios:

scenario A (BAD)

I am logged in to hostX as Jim, starting snx as userA

jim@hostX >>  /usr/bin/snx -s server.fqdn -u userA -g

Check Point's Linux SNX

build 800010003

Please enter your password:

<<There is NO prompt for Root Cert y or n>>

connection aborted.

scenario B (GOOD)

I am logged in to hostX as nancy, starting snx as userA

nancy@hostX >>  /usr/bin/snx -s server.fqdn -u userA -g

Check Point's Linux SNX

build 800010003

Please enter your password:

Prompted to accept the Root Cert GUE DGP KOP PNE : y or n 

y

SNX - connected.

 

_Val_
Admin

Seems like those users do not have full admin rights.

kaushik28
Explorer

It worked for months before it stopped working. On the same host, other profiles can start snx with no issue.

Another key is that the user who can't start snx anymore is not being prompted for the <accept root cert>.

PhoneBoy
Admin

That all points to a preference stored in the user's home directory.
I don't recall what SNX uses offhand, but I'd recommend reviewing the contents of the user's home directory for a dot directory.
My bet is if you remove the relevant dot directory (maybe .snx), it should start working again.

kaushik28
Explorer

Couldn't locate anything specific to snx in home. The only thing I see is the cert saved for each local user in /etc/snx/user.db

I have tried removing/renaming that but no luck. It causes no change in the user's behaviour for snx.

PhoneBoy
Admin

Your best bet here is to open a TAC case.
