This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ClaudiaPeter
Contributor
Friday

"A secondary session request was received from the same IP" from a Terminal Servers Identity Agent

Hi,

we use the IA collector and Terminal Servers Identity Agents. Recently we see problems with "A secondary session request was received from the same IP" from Citrix TS servers and as Indentity Source "Terminal Servers Identity Agent" (see attachted screenshot). I know this error logs for identities from the IA collector, but the exculsion for the TS network within the IA collector seems to work, no logs for this network with Identity Source "Identity Collector (Active Directory)". And no other error logs of the blade Identity Awareness.
I don't know since when the error occurs, it's sporadic and already in the oldest available logs. But now we have problems with several firewall rules that don't match because the identity is "lost".

I'm still trying to verify if there is always another session on the problematic TS without any log of the IA. In the last case there was one, but without any obvious difference to the other TS sessions (it's a Citrix farm).

We see it on both gateways with terminal server agent connections.
It comes from several TS instances, mostly only one at the same time, it stops and some hours later from another TS.
It occurs on two gateways, from two Citrix farms, it might be a general problem.

Did anybody see the secondary login error from a MUH agent?


Gateways: R81.10 Take 150; R81.20 Take 65 (recently updated to R81.20, no change of the error)
TS Agent: R81.070.0000
Number of sessions per TS: 3 - 5
TS: Win 2019
Number of connected Terminal Servers Identity Agents on the R81.20 gateway: ~35

Best regards
Claudia

Labels
Preview file
151 KB
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
Friday

Did you check: https://support.checkpoint.com/results/sk/sk131792 

0 Kudos
ClaudiaPeter
Contributor
Friday
In response to PhoneBoy

Yes, but this network is in the network exclusion filter of the Identity Collector (and there is no log in logged for the Identity Collector for this IP address), and we don't use AD query.

0 Kudos
PhoneBoy
Admin
Admin
Friday
In response to ClaudiaPeter

This is relevant for all methods except ADQuery, actually.
Your best bet is probably a TAC case: https://help.checkpoint.com 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events