Support Center > Search Results > SecureKnowledge Details
User login events are logged by Identity Awareness as separate logins for different users if username is written in upper case letters, or in lower case letters
  • On Windows Server, the user is identified by the username that was defined in Active Directory (run 'net user <username>' command).

  • In all Check Point logs, the user is identified by the username with which the user actually logged in - as if different user names were used ('USERNAME' / 'UserName' / 'username').

  • Issue is experienced only for the Terminal Server users.

  • Example:

    The following user is connected to the Terminal Server:

    C:\Users\Administrator> net user Alex1 
    User name                    Alex1 
    Full Name                    Alex 1 

    According to debug, the identity that is published to PEP:

    [TRACKER]: #10 -> OUTGOING -> IDENTITY_UPDATE -> pep (v4): (v6): ::1, identity: UpdateInformation dump: 
    Unique ID           : XXX
    Client type         : 6 
    Time to live        : 28800, 86400 
    Client ID           : IP_ADDRESS, XXX 
    Username            : alex1
    Log Username        : Alex 1 (alex1)

    As a result, the username "Alex 1 (alex1)" instead of username "Alex 1 (Alex1)" is shown in all Check Point logs.

Note: To view this solution you need to Sign In .