Troubleshoot the Remote Access VPN Identity Source

For other related troubleshooting information, see Troubleshoot Realms and User Downloads and Troubleshoot User Control.

If you experience issues with Remote Access VPN, check the connection between your management center and a managed device. If the connection fails, all Remote Access VPN logins reported by the device cannot be identified during the downtime, unless the users were previously seen and downloaded to the management center.

The unidentified users are logged as Unknown users on the management center. After the downtime, the Unknown users are re identified and processed according to the rules in your identity policy.

The host name of the managed device must be less than 15 characters for Kerberos authentication to succeed.

Active FTP sessions are displayed as the Unknown user in events. This is normal because, in active FTP, the server (not the client) initiates the connection and the FTP server should not have an associated user name. For more information about active FTP, see RFC 959.