Magnus-Holmberg
Advisor

Hi,

I am trying to install some MUH2 clients on jumpgates.
The GW is using VSX on R80.30 HFA 236


I get an error saying 

"An error was detected while trying to authenticate against the AD server.
It may be a problem of bad configuration or connectivity.
Please refer to the troubleshooting guide for more help"

So I checked the installation guide again.

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_IdentityAwareness_AdminGuide...

 

"

To configure Terminal Servers Identity Agents Authentication Settings with all Active Directories:

  1. Log in to SmartConsole.
  2. From the left navigation toolbar, click Gateways & Servers.
  3. Open the Identity Awareness Gateway object.
  4. In the left tree, go to the Identity Awareness page.
  5. Near the Terminal Servers, click Settings.
  6. In the Authentication Settings section, click Settings.
  7. Select All Gateway's Active Directories (under Security Gateway -> Other -> User Directory).
  8. Click OK to close the Active Directories window.
  9. Click OK to close the Terminal Servers window.
  10. Configure the Account Units Query settings:
    1. In the left tree of the Security Gateway object, click on the [+] near the Other pane.
    2. Click the User Directory pane.
    3. In the Account Units Query section, select All.
  11. Click OK to close the Gateway Properties window.
  12. Install the Access Policy.

"

 

But I honestly don't see the Account Units Query. Is the guide incorrect, and should it be "User Directories"?

 

ia_gateway.png

The agent itself says connected, but the users logged in say not authenticated.

ia_agent_info.JPG


For other identities we use the Identity Collector, so there are LDAP account units within the CMA.

Regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
1 Solution

Accepted Solutions
bsc
Explorer

Just to answer my own question: my problem is solved in https://support.checkpoint.com/results/sk/sk87200

The issue happened for accounts where sAMA and UPN do not match.

0 Kudos
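
The accepted answer above traces the failure to accounts where "sAMA and UPN do not match". As an added example (not from the thread, the SK, or Check Point), this Python script lists such accounts from an LDIF export of AD users. It assumes "sAMA" means sAMAccountName, that "match" means the UPN part before "@" equals it case-insensitively, and that the export is UTF-8; all sample entries are constructed.

```python
import base64

# Constructed sample LDIF export (hypothetical users, not data from the thread).
# The base64 value is generated here so the "attr:: value" form is exercised.
B64_UPN = base64.b64encode("göran.holm@example.test".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = f"""dn: CN=Carl Dahl,OU=Users,DC=example,DC=test
sAMAccountName: cdahl
userPrincipalName: carl.dahl@example.test

dn: CN=Eva Falk,OU=Users,DC=example,DC=test
sAMAccountName: EFalk
userPrincipalName: efalk@exam
 ple.test

dn: CN=Goran Holm,OU=Users,DC=example,DC=test
sAMAccountName: gholm
userPrincipalName:: {B64_UPN}

dn: CN=svc-backup,OU=Service,DC=example,DC=test
sAMAccountName: svc-backup
"""

def parse_ldif(text):
    """Yield one dict per LDIF entry (attribute names lower-cased, first value kept)."""
    # Unfold continuation lines: a line starting with one space continues the previous one.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" carries non-ASCII data
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), value.strip())
        if entry:
            yield entry

def mismatched_accounts(entries):
    """Return (sAMAccountName, UPN) pairs whose UPN prefix differs from sAMAccountName."""
    hits = []
    for e in entries:
        sam, upn = e.get("samaccountname"), e.get("userprincipalname")
        if not sam or not upn:
            continue  # no UPN set, so there is nothing to compare (assumption: skip)
        if upn.rsplit("@", 1)[0].casefold() != sam.casefold():
            hits.append((sam, upn))
    return hits
```

Feed `parse_ldif` the text of an export that contains only the `sAMAccountName` and `userPrincipalName` attributes, then review the pairs `mismatched_accounts` returns against the users who show as not authenticated.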
7 Replies
Alex-
Leader

I have a somewhat similar issue with the MuHv2 agent, R80.40 Take 118 VSX.

The agent shows connected and, using pdp commands on the VS, the VMs are seen, but it doesn't show any authenticated user.

I have an SR open. Some things that were tried were making sure the agent was installed with admin rights and disabling secure boot on the image, but it didn't help.

0 Kudos
mcatanzaro
Employee

Greetings Magnus,

What OS are the servers running and what software version is the MDS on?

The MDS must have R80.30 JHF T210 or higher installed and the servers must either be running Windows Server 2016 or Windows Server 2019.

0 Kudos
Magnus-Holmberg
Advisor

MDS running R81 HFA36
Server running Windows Server 2019 standard

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
AaronCP
Advisor

Hey @Magnus-Holmberg,

Firstly, big fan of your YouTube content! It's been a great resource for me - so thank you!

Secondly, did you ever find a resolution for this issue? I'm not running VSX, but I am hitting a similar issue. The machine authentication is working perfectly, but I am not getting any user-based authentication & I see the same error as your screenshot.

Any advice would be much appreciated.

Thanks,

Aaron.

0 Kudos
Magnus-Holmberg
Advisor

Thank you 🙂

Yes, it's working now, but I don't remember what the issue was.
We are going to install it on more servers, so I will see if I get the same issue, but so far it's working correctly.
We are currently running R81 HFA44 on the MDS.


When it comes to VSX and IA in general, it's important to think about how the traffic is going towards the IA stuff:
whether the traffic is generated from the VS or the VSX cluster (this is something that is easy to miss).

vsx_communication.jpg

https://www.youtube.com/c/MagnusHolmberg-NetSec
bsc
Explorer

@AaronCP may I return the question to you? Could you find a solution for this?

0 Kudos
