https://live.paloaltonetworks.com/t5/general-topics/server-monitoring-of-user-id-agent-set-up-shows-authentication/m-p/536889#M110273 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/216045">@Sujanya</a> ,</P> <P>&nbsp;</P> <P>That error is too general and requires additional debugging.</P> <P>&nbsp;</P> <P>I'd make sure the clock is synced under the same NTP server everywhere.</P> <P>Also enable debug logging:</P> <P>debug user-id on debug<BR />debug user-id set userid servermonitor</P> <P>Also capture krb5 and http traffic at the time of the issue</P> <P><SPAN>1) kerberos traffic is between fw and kdc server on port 88.</SPAN><BR style="color: #172b4d; font-family: -apple-system, 'system-ui', 'Segoe UI', Roboto, Oxygen, Ubuntu, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;" /><SPAN>2) http traffic is between fw and server monitor server on port 5985.</SPAN></P> <P>&nbsp;</P> <P><SPAN>You might want to grab all this info + a tech support file and send it over to TAC for analysis.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Kind regards,</SPAN></P> <P><SPAN>-Kiwi.</SPAN></P> Wed, 29 Mar 2023 10:01:01 GMT kiwi 2023-03-29T10:01:01Z https://live.paloaltonetworks.com/t5/general-topics/server-monitoring-of-user-id-agent-set-up-shows-authentication/m-p/536244#M110181 <P>We have over 80+ firewalls in our environment, all of them of version 10.1.6.-h6 , we are using Kerberos profile in the user-id agent set-up and every server monitor status seems connected. Except for the firewall which is with PAN-OS version 10.2.3.-h4, even after using the same parameters.<BR /><BR /></P> <P>getting below error:</P> <P>Server monitor HOSTNAMEDP(vsys1): connection failed, HTTP code 401, (null)</P> <P>&nbsp;</P> <P>Kindly suggest us on above condition.</P> Fri, 24 Mar 2023 11:19:08 GMT https://live.paloaltonetworks.com/t5/general-topics/server-monitoring-of-user-id-agent-set-up-shows-authentication/m-p/536244#M110181 Sujanya 2023-03-24T11:19:08Z https://live.paloaltonetworks.com/t5/general-topics/server-monitoring-of-user-id-agent-set-up-shows-authentication/m-p/536889#M110273 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/216045">@Sujanya</a> ,</P> <P>&nbsp;</P> <P>That error is too general and requires additional debugging.</P> <P>&nbsp;</P> <P>I'd make sure the clock is synced under the same NTP server everywhere.</P> <P>Also enable debug logging:</P> <P>debug user-id on debug<BR />debug user-id set userid servermonitor</P> <P>Also capture krb5 and http traffic at the time of the issue</P> <P><SPAN>1) kerberos traffic is between fw and kdc server on port 88.</SPAN><BR style="color: #172b4d; font-family: -apple-system, 'system-ui', 'Segoe UI', Roboto, Oxygen, Ubuntu, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;" /><SPAN>2) http traffic is between fw and server monitor server on port 5985.</SPAN></P> <P>&nbsp;</P> <P><SPAN>You might want to grab all this info + a tech support file and send it over to TAC for analysis.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Kind regards,</SPAN></P> <P><SPAN>-Kiwi.</SPAN></P> Wed, 29 Mar 2023 10:01:01 GMT https://live.paloaltonetworks.com/t5/general-topics/server-monitoring-of-user-id-agent-set-up-shows-authentication/m-p/536889#M110273 kiwi 2023-03-29T10:01:01Z