Support Center > Search Results > SecureKnowledge Details
Identity Awareness Agent does not authenticate via Kerberos SSO Technical Level
Symptoms
  • Identity Awareness Agent does not authenticate via Kerberos SSO from RAS or branch offices.
  • Kerberos is working as long as the client is connected to the LAN.
  • If traffic is allowed only via Access Role, authentication is not working.
  • After running into a timeout, the Identity Awareness Agent displays a message box and asks for credentials. This log in is working fine.
Cause

The client needs access to the Domain Controllers via a rule without Access Role to get a Kerberos Ticket.
Only then the Identity Awareness Agent is able to use this ticket to authenticate to the gateway.


Solution
Note: To view this solution you need to Sign In .