This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Us4r
Contributor
‎2021-12-03 12:17 AM

Checkpoint Identity Agent: UserName Identification Problem on specific Users

Hello,

 

currently we deploy checkpoint identity Agent in our enviroment.

 

On most Users it's working like expected but on some users only Machine Information will be set after user login but the user account won't be detected:

 

cp-ida-issue.JPG

 

If I logon on the same computer with another ActiveDirectory User Account then this user account will be detected from the agent.

 

What can be the problem there and how can I debug this issue?

 

Regards

 

 

Florian

0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend
‎2021-12-03 02:14 AM

This issue looks like in sk120838: Sometimes, output of "pep show user all" command does not show username in the "Username@M...

Further info:

sk86441: ATRG: Identity Awareness

sk113232: Identity Awareness Agent: Network Communication and Process Summary

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Us4r
Contributor
‎2021-12-06 02:16 AM
In response to G_W_Albrecht

Hello,

 

it looks like it's really a specific Problem of the active directory UserAccount. If this useraccount tries to logon on another compuer also the user won't be authenticated using kerberos.

 

Anything else how I can debug this issue? Can this be something like a permission problem on the user Account in the active directory?

0 Kudos
dehaasm
Collaborator
‎2022-12-05 08:57 AM
In response to Us4r

We had same issues has probably something to do with Kerberos ticket size for some users, in the pdp logs you might see PDPD (TD::Critical)] pdp::NACUrlProtocol::DataReceived: data length: 48578 ,exceeds the maximum of: 40974, try adjusting ccc_max_msg_size with DBedit tool, follow sk66087 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
David_M_Almas
Contributor
‎2022-04-19 09:43 AM

Hi!

I'm deploying Identity Agent in our environment (VSX HA cluster in R81.10) and we're having exactly the same issue.

Did you managed to have a closure for this?

 

thanx!

0 Kudos
David_M_Almas
Contributor
‎2023-01-06 06:11 AM
In response to David_M_Almas

For future reference.

-----------------------------------------------------------------------

After reporting this issue to TAC, they noticed this error in the IA Agent logs:

[PDPD (TD::Critical)] pdp::NACUrlProtocol::DataReceived: data length: 9923 ,exceeds the maximum of: 8196

 

We then proceeded to increase the value ccc_max_msg_size using the following procedure (as always, please don't forget to perform a backup):

  1. Connect with SmartConsole to the Security Management Server / Domain Management Server.
  2. In the top left corner, click Menu > Database Revision Control > create a revision snapshot.

Note: Database Revision Control is not supported for VSX objects (sk65420) and Endpoint Security Servers. Instead, if running SMS/DMS in a virtual machine perform a snapshot prior to the following procedure.

In addition, refer to:

Close all SmartConsole windows.

Verify by running the "cpstat mg" command on Security Management Server / in the context of each Domain Management Server.

  1. Connect with GuiDBedit Tool to the Security Management Server / Domain Management Server.
  2. In the upper left pane, go to Table > Network Objects > network_objects.
  3. In the upper right pane, select the relevant Gateway or Cluster object.
  4. Press CTRL+F (or go to Search menu > Find) > paste ccc_max_msg_size > click Find Next.
  5. In the lower pane, right-click on the ccc_max_msg_size > select Edit > select "65535" > click OK.
  6. Save the changes: go to the File menu > click Save All.
  7. Close the GuiDBedit Tool.
  8. Connect with SmartConsole to the Security Management Server / Domain Management Server.
  9. Install the Security Policy onto the applicable Security Gateway / Cluster / VSX Virtual System object.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events