Some User Mappings not Performed by the User-ID Agent

Created On 09/26/18 13:53 PM - Last Modified 02/23/23 01:17 AM


Symptom


  • Some user mappings are not performed by the User-ID Agent.
  • uadebug.log (on the User-ID Agent) displays errors similar to those shown below.
[ Info 278]: Read security log event first returns false 5 for DC <Domain controller Name>
[Error 1173]: Read security log returns error 2 on server <DC NAME>.

 


Environment


  • Palo Alto Firewall
  • Supported PAN-OS
  • User ID Agent


Resolution


Enable the option "Enable Server Session Read" on the User-ID Agent.

  1. Go to Setup and click "Edit".
  2. Set "Enable Server Session Read" to YES.
  3. Commit on the agent.
  4. Restart the service.

 

 



Additional Information


Note:
  • Restarting the service on the UIA does not affect the mappings that already exist on the firewall.
  • However, newer mappings that are learned during the restart may be affected: they will not register with the agent in time and must be obtained again after the service starts running.
  • It is therefore suggested to perform the restart during a maintenance window.

