When using an ActiveSync app on an Android phone or an iPhone connected to R75.X Security Gateway, multiple sessions could be established for each user
Symptoms
  • When using an ActiveSync app on an Android phone or an iPhone, multiple sessions could be established for each user.

  • Check Point Mobile clients take more than one seat per license count on Security Gateway.

  • Output of the 'listusers' command shows the same user and the user's IP address several times.

  • $CVPNDIR/log/cvpnd.elg (under debug) shows a mismatch between login name and the DN on the certificate:
    .............
    [ActiveSync] [CVPN_INFO] Cvpn::ActiveSyncManager::handleActiveSyncAuthenticationRequest: client certificate must match username
    [ActiveSync] [CVPN_INFO] Cvpn::ActiveSyncManager::handleActiveSyncAuthenticationRequest: Verifying credentials with username: 'UserName1'
    [AUTHNMAN] [CVPN_INFO] Cvpn::AuthnManager::VerifyCredentials: Username: UserName1
    .............
    [ActiveSync] [CVPN_WARNING] Cvpn::ActiveSyncManager::getSessionByDeviceID: Username mismatch: current username: 'UserName2', username stored on session: 'Name2'
    
  • Affected versions: Mobile Access Security Gateways R75.X.
    For R76/R77, refer to sk96686.
Cause

The problem is with the ActiveSync feature - not with Check Point Mobile.

The certificate on the phone differs from the user's login name, so every time ActiveSync is initiated, a new authentication session is created.

The user's CN (and the fullname attribute from LDAP) is the person's full name, whereas in Check Point the CN is only the username.
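
To see which users are hitting this condition, the "Username mismatch" warnings quoted under Symptoms can be tallied from a debug copy of cvpnd.elg. The Python script below is an added example, not Check Point code; the function names and the sample log lines are constructed, and it assumes the warning has the format shown above.

```python
import re
from collections import Counter

# Format of the warning quoted from cvpnd.elg above. search() tolerates any
# prefix (timestamp, PID) a real log line may carry; that prefix is an assumption.
MISMATCH_RE = re.compile(
    r"\[ActiveSync\]\s+\[CVPN_WARNING\]\s+"
    r"Cvpn::ActiveSyncManager::getSessionByDeviceID:\s+Username mismatch:\s+"
    r"current username:\s+'(?P<current>.*)',\s+"
    r"username stored on session:\s+'(?P<stored>.*)'"
)


def find_username_mismatches(lines):
    """Count (current username, username stored on session) pairs."""
    pairs = Counter()
    for line in lines:
        m = MISMATCH_RE.search(line)
        if m:  # greedy groups keep an apostrophe inside a name intact
            pairs[(m.group("current"), m.group("stored"))] += 1
    return pairs


def report(pairs):
    """One line per distinct mismatch, most frequent first."""
    return [f"{n:>4}  current={cur!r}  stored={stored!r}"
            for (cur, stored), n in pairs.most_common()]


# Constructed sample input in the format shown above; all names are made up.
SAMPLE_LOG = """\
[ActiveSync] [CVPN_INFO] Cvpn::ActiveSyncManager::handleActiveSyncAuthenticationRequest: client certificate must match username
[ActiveSync] [CVPN_INFO] Cvpn::ActiveSyncManager::handleActiveSyncAuthenticationRequest: Verifying credentials with username: 'jdoe'
[AUTHNMAN] [CVPN_INFO] Cvpn::AuthnManager::VerifyCredentials: Username: jdoe
[ActiveSync] [CVPN_WARNING] Cvpn::ActiveSyncManager::getSessionByDeviceID: Username mismatch: current username: 'jdoe', username stored on session: 'John Doe'
[ActiveSync] [CVPN_WARNING] Cvpn::ActiveSyncManager::getSessionByDeviceID: Username mismatch: current username: 'jdoe', username stored on session: 'John Doe'
[ActiveSync] [CVPN_WARNING] Cvpn::ActiveSyncManager::getSessionByDeviceID: Username mismatch: current username: 'poneil', username stored on session: 'Pat O'Neil'
"""

if __name__ == "__main__":
    for row in report(find_username_mismatches(SAMPLE_LOG.splitlines())):
        print(row)
```

A user who appears here with a high count is a likely match for the repeated entries in the 'listusers' output.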

