Errors with Data Redistribution (User-ID Agent) on Labs Environment

HeathCheck_K — Thu, 10 Jul 2025 11:00:10 GMT

Hi all,

I am searching Palo Alto User-ID configuration and build Labs on EVE-NG use Palo Alto KVM.

Now I can set up LDAP and Group Mapping , it's working.

But I can not set up Data Redistribution, Connection between Firewall and User-ID Agent is No. (Connected No, log as bellow). I created Certificate and add it to Agent already.

I am using PanOS 10.2.8 and Agent 10.2.4 running Window Server 2016

Please help !

2025-07-10 19:47:32.086 +0700 pan_dcom_epoll: start epoll thread 1 at 1752151652(epoch: 1752151652)
2025-07-10 19:47:35.000 +0700 close socket fd 1026(UIA-test)
2025-07-10 19:47:35.000 +0700 Error: pan_distributor_agent_dcom_callback(pan_distributor_agent.c:2026): agent UIA-test is reset, event:1, abort:0, reset:1
2025-07-10 19:47:35.001 +0700 conn UIA-test is not connected.
2025-07-10 19:47:35.002 +0700 close conn UIA-test, same thread 0, b_notifying 0
2025-07-10 19:47:35.002 +0700 conn UIA-test has been closed by application[event=6]
2025-07-10 19:47:35.002 +0700 release conn UIA-test, notify=1
2025-07-10 19:47:35.002 +0700 close socket fd 1026(UIA-test)
2025-07-10 19:47:35.002 +0700 no work in epoll index 1
2025-07-10 19:47:35.002 +0700 pan_dcom_epoll: quit, index = 1, now=1752151655(epoch: 1752151655)
2025-07-10 19:47:40.031 +0700 [agent UIA-test] DCOM_SSL_CLNT_CONFIG
2025-07-10 19:47:40.031 +0700 [secure_conn] pan_distributor_sec_conn_load_custom_server_cert()
2025-07-10 19:47:40.031 +0700 [secure_conn] RSA key
2025-07-10 19:47:40.031 +0700 [secure_conn] Custom client ssl certificate loaded
2025-07-10 19:47:40.031 +0700 add new conn UIA-test to dcom, fd = 1026, addr = ssl@10.10.10.10#5007
2025-07-10 19:47:40.031 +0700 conn UIA-test is not connected.
2025-07-10 19:47:40.031 +0700 add socket fd 1026(UIA-test) into epoll 1 [prev total fds: 0, jobid: 0].
2025-07-10 19:47:40.031 +0700 agent UIA-test didn't establish secure communication yet
2025-07-10 19:47:40.031 +0700 pan_dcom_epoll: start epoll thread 1 at 1752151660(epoch: 1752151660)
2025-07-10 19:47:43.004 +0700 close socket fd 1026(UIA-test)
2025-07-10 19:47:43.004 +0700 Error: pan_distributor_agent_dcom_callback(pan_distributor_agent.c:2026): agent UIA-test is reset, event:1, abort:0, reset:1
2025-07-10 19:47:43.005 +0700 conn UIA-test is not connected.
2025-07-10 19:47:43.005 +0700 close conn UIA-test, same thread 0, b_notifying 0
2025-07-10 19:47:43.008 +0700 conn UIA-test has been closed by application[event=6]
2025-07-10 19:47:43.008 +0700 release conn UIA-test, notify=1
2025-07-10 19:47:43.008 +0700 close socket fd 1026(UIA-test)
2025-07-10 19:47:43.008 +0700 no work in epoll index 1
2025-07-10 19:47:43.008 +0700 pan_dcom_epoll: quit, index = 1, now=1752151663(epoch: 1752151663)
2025-07-10 19:47:48.036 +0700 [agent UIA-test] DCOM_SSL_CLNT_CONFIG
2025-07-10 19:47:48.037 +0700 [secure_conn] pan_distributor_sec_conn_load_custom_server_cert()
2025-07-10 19:47:48.037 +0700 [secure_conn] RSA key
2025-07-10 19:47:48.037 +0700 [secure_conn] Custom client ssl certificate loaded
2025-07-10 19:47:48.037 +0700 add new conn UIA-test to dcom, fd = 1026, addr = ssl@10.10.10.10#5007
2025-07-10 19:47:48.037 +0700 conn UIA-test is not connected.
2025-07-10 19:47:48.037 +0700 add socket fd 1026(UIA-test) into epoll 1 [prev total fds: 0, jobid: 0].
2025-07-10 19:47:48.037 +0700 agent UIA-test didn't establish secure communication yet
2025-07-10 19:47:48.038 +0700 pan_dcom_epoll: start epoll thread 1 at 1752151668(epoch: 1752151668)

Re: Errors with Data Redistribution (User-ID Agent) on Labs Environment

Parsek — Fri, 08 Aug 2025 11:42:27 GMT

Hi,

Please verify the firewall settings on the Domain Controller(as I understand it is Windows Server 2016).

You need to allow TCP 5007 port for this.

topic Errors with Data Redistribution (User-ID Agent) on Labs Environment in Next-Generation Firewall Discussions

Errors with Data Redistribution (User-ID Agent) on Labs Environment

Re: Errors with Data Redistribution (User-ID Agent) on Labs Environment