ProxySG & Advanced Secure Gateway

  • 1.  IWA Direct Issue

    Posted Sep 30, 2020 11:36 AM
    Hi everyone. We're currently experiencing an issue when deploying IWA Direct as the authentication. We've tried to create an IWA Direct realm, and in Configuration>Authentication>Windows Domain we've created a domain and successfully joined it, showing an OK state in the Health Check. After joining, we've accessed the VPM and tried to add a user from the domain, and we've encountered an "IWA Direct realm encountered an unmapped error". Is there a possible way to mitigate this problem? We've tried to join and unjoin the domain and recreate the IWA realm, but still the issue persists.


  • 2.  RE: IWA Direct Issue

    Broadcom Employee
    Posted Sep 30, 2020 03:24 PM
    Edited by Jacob Miles Sep 30, 2020 03:24 PM
    Hi Felix,

    What version of Windows Server are you using? There was an issue last year with one of Microsoft's patches that created this behavior. Where you have already rejoined the domain and the issue persists, I wonder if this is pertinent.

    https://knowledge.broadcom.com/external/article/175627/error-the-iwa-direct-realm-encountered-a.html#:~:text=your%20system%20administrator%22.-,%22The%20IWA%20direct%20realm%20encountered%20an%20unmapped%20error%20code%2C%20contact,with%20MS%20Patch%20KB4507460%20installed.

    Thanks!


  • 3.  RE: IWA Direct Issue

    Broadcom Employee
    Posted Sep 30, 2020 03:28 PM
    Hello Felix,

    This does not necessarily indicate an issue. I have seen this in the past when the domain of the user or groups is being typed manually, or if there is some latency between the proxy and the AD. Access the Advanced URL https://ProxyIP:8082/lsa/stats to see what server the proxy is talking to and what the average LDAP ping latency in ms is.
    After you join the domain you can try to assign two preferred domain servers via server IP so the proxy talks to those first if they are close. I have seen cases where, out of 10 domain servers, one is rogue and caused this error, and it so happened that it was the closest network-wise to the proxy, so the proxy would talk to it all the time.

    It is good news that you were able to join the domain. If you have a large forest, then give the proxy some time to query its groups and users before you try to configure those in the VPM, say 12 hours at least.

    Can you walk us through step by step what exactly you are clicking and doing up to the point that you get the error? Every detail matters, please.
    Also the version of the Proxy SGOS and the Windows Server OS could be helpful as well.

    Slava
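
The reply above recommends looking at the proxy's LDAP ping latency per domain controller, pinning two close controllers as preferred servers, and keeping an eye out for one "rogue" controller among many. The following script is an added illustration of that triage and is not code from this thread or from ProxySG: it measures TCP connect time to LDAP port 389 from wherever it runs (a stand-in for the proxy's own /lsa/stats latency figures), then ranks controllers and flags the ones that fail repeatedly or sit far outside the group's latency. The controller hostnames and the latency samples in `SAMPLE` are constructed for the example.

```python
"""Rank Active Directory domain controllers by LDAP connect latency and
flag suspect ones. Added example; not ProxySG or Broadcom code."""
import socket
import statistics
import time
from typing import Dict, List, Optional, Tuple

LDAP_PORT = 389

# Constructed sample data: hostnames are hypothetical, values are connect
# times in ms and None marks an attempt that failed (refused or timed out).
SAMPLE: Dict[str, List[Optional[float]]] = {
    "dc01.corp.example": [3.1, 2.9, 3.4],
    "dc02.corp.example": [5.0, 4.8, 5.2],
    "dc03.corp.example": [40.0, 42.0, 41.0],   # reachable but far away
    "dc04.corp.example": [None, None, None],   # never answers
    "dc05.corp.example": [2.0, None, None],    # closest, but mostly failing
}


def measure_connect_latency_ms(host: str, port: int = LDAP_PORT,
                               timeout: float = 2.0) -> Optional[float]:
    """Return the TCP connect time to host:port in ms, or None on failure."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            pass
    except OSError:
        return None
    return (time.perf_counter() - start) * 1000.0


def sample_controllers(hosts: List[str], attempts: int = 3
                       ) -> Dict[str, List[Optional[float]]]:
    """Probe each controller several times; keep every attempt, failures included."""
    return {h: [measure_connect_latency_ms(h) for _ in range(attempts)]
            for h in hosts}


def rank_controllers(samples: Dict[str, List[Optional[float]]],
                     preferred_count: int = 2,
                     outlier_factor: float = 3.0,
                     max_failure_ratio: float = 0.5
                     ) -> Tuple[List[str], List[str]]:
    """Split controllers into (preferred, suspect).

    A controller is suspect when more than max_failure_ratio of its attempts
    failed, or when its median latency exceeds outlier_factor times the median
    latency of the healthy controllers. Preferred is the lowest-latency
    healthy controllers, in order, limited to preferred_count entries.
    A low-latency controller that keeps failing is deliberately still suspect:
    being the closest does not make it the right one to talk to.
    """
    medians: Dict[str, float] = {}
    suspect: List[str] = []
    for host, values in samples.items():
        good = [v for v in values if v is not None]
        failed = len(values) - len(good)
        if not good or failed / len(values) > max_failure_ratio:
            suspect.append(host)
            continue
        medians[host] = statistics.median(good)
    if not medians:
        return [], sorted(suspect)
    baseline = statistics.median(medians.values())
    for host, med in medians.items():
        if med > baseline * outlier_factor:
            suspect.append(host)
    ordered = sorted(medians, key=lambda h: medians[h])
    preferred = [h for h in ordered if h not in suspect][:preferred_count]
    return preferred, sorted(suspect)


if __name__ == "__main__":
    # Live probing only runs when executed directly; replace the hostnames
    # with your own controllers. The constructed SAMPLE is ranked first.
    print("constructed sample:", rank_controllers(SAMPLE))
    live = sample_controllers(list(SAMPLE))
    print("live probe:", rank_controllers(live))
```

The two names returned as preferred are the candidates for the "preferred domain servers" setting the reply mentions; anything in the suspect list is worth comparing against the server the proxy reports on /lsa/stats, since a controller that is close but unhealthy will otherwise be chosen first.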