Support Center > Search Results > SecureKnowledge Details
User login events are logged by Identity Awareness as separate logins for different users if username is written in upper case letters, or in lower case letters
Symptoms
  • On Windows Server, the user is identified by the username that was defined in Active Directory (run 'net user <username>' command).

  • In all Check Point logs, the user is identified by the username with which the user actually logged in - as if different user names were used ('USERNAME' / 'UserName' / 'username').

  • Issue is experienced only for the Terminal Server users.

  • Example:

    The following user is connected to the Terminal Server:

    C:\Users\Administrator> net user Alex1 
    User name                    Alex1 
    Full Name                    Alex 1 
    

    According to debug, the identity that is published to PEP:

    [TRACKER]: #10 -> OUTGOING -> IDENTITY_UPDATE -> pep (v4): 127.0.0.1pep (v6): ::1, identity: UpdateInformation dump: 
    Unique ID           : XXX
    Client type         : 6 
    Time to live        : 28800, 86400 
    Client ID           : IP_ADDRESS, XXX 
    Username            : alex1
    Log Username        : Alex 1 (alex1)
    

    As a result, the username "Alex 1 (alex1)" instead of username "Alex 1 (Alex1)" is shown in all Check Point logs.

Solution
Note: To view this solution you need to Sign In .