topic Re: user id agent wmi broken after kb5023702 installed in General Topics https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wmi-broken-after-kb5023702-installed/m-p/534776#M110033 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/279728">@Groche</a>,</P> <P>This is expected if you're still using WMI with the enforced security improvements that Microsoft has made with this update. Should have been triggering alerts for a year prior to them enforcing it this year, but easily missed if you weren't actively looking for it.</P> <P>You'll want to configure the firewall to utilize WinRM-HTTP or preferably WinRM-HTTPS instead of WMI if you continue to utilize agentless. Fairly straightforward conversion to make.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-server-monitoring-using-winrm" target="_blank">https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-server-monitoring-using-winrm</A></P> Thu, 16 Mar 2023 20:43:26 GMT BPry 2023-03-16T20:43:26Z user id agent wmi broken after kb5023702 installed https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wmi-broken-after-kb5023702-installed/m-p/534698#M110012 <P>Hi,</P> <P>i installed the&nbsp;kb5023702&nbsp; on my active directory, and it breaks the user-id mapping on palo alto with wmi.</P> <P>I had to uninstall this kb to resolve this.</P> <P>Do you have a solution for this bug ?<BR />Thanks,<BR />Regards</P> Thu, 16 Mar 2023 12:06:05 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wmi-broken-after-kb5023702-installed/m-p/534698#M110012 Groche 2023-03-16T12:06:05Z Re: user id agent wmi broken after kb5023702 installed https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wmi-broken-after-kb5023702-installed/m-p/534776#M110033 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/279728">@Groche</a>,</P> <P>This is expected if you're still using WMI with the enforced security improvements that Microsoft has made with this update. Should have been triggering alerts for a year prior to them enforcing it this year, but easily missed if you weren't actively looking for it.</P> <P>You'll want to configure the firewall to utilize WinRM-HTTP or preferably WinRM-HTTPS instead of WMI if you continue to utilize agentless. Fairly straightforward conversion to make.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-server-monitoring-using-winrm" target="_blank">https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-server-monitoring-using-winrm</A></P> Thu, 16 Mar 2023 20:43:26 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-agent-wmi-broken-after-kb5023702-installed/m-p/534776#M110033 BPry 2023-03-16T20:43:26Z