https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5137#M3775 <HTML><HEAD></HEAD><BODY><P>did you try to enable SSL?</P><P></P><P>I also noticed that you use global catolog ports, is that intended? the LDAP ports are 389 and 636 (SSL)</P></BODY></HTML> Fri, 11 Jul 2014 13:47:43 GMT AlexAState 2014-07-11T13:47:43Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5131#M3769 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P>I've Palo Alto 5050 Active/Active Vwire deployment. the deployment was integrated with Active directory 2008 R2, but now I installed Active directory 2012 R2.</P><P>but Palo Alto can't see the users in Acitve Directory 2012 R2.</P><P></P><P>Any help about that please..</P><P></P><P>Regards,</P></BODY></HTML> Fri, 11 Jul 2014 07:06:40 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5131#M3769 homicidedart 2014-07-11T07:06:40Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5132#M3770 <HTML><HEAD></HEAD><BODY><P>Which user-id method are you using to get the associations?</P><P></P><P>Are there any logs or messages in the server event log if you have the local agent, or on the firewall system logs?</P></BODY></HTML> Fri, 11 Jul 2014 10:38:51 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5132#M3770 pulukas 2014-07-11T10:38:51Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5133#M3771 <HTML><HEAD></HEAD><BODY><P>Hello Steven,</P><P>I'm using the PA Local agent</P><P><IMG alt="" class="image-0 jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/14383_pastedImage_0.png" style="max-width: 1200px; max-height: 900px;" /></P><P></P><P>and the configuration is below</P><P></P><P><IMG alt="" class="image-1 jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/14384_pastedImage_1.png" style="max-width: 1200px; max-height: 900px;" /></P><P></P><P><IMG alt="" class="image-2 jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/14385_pastedImage_2.png" style="max-width: 1200px; max-height: 900px;" /></P><P></P><P><IMG alt="" class="image-3 jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/14386_pastedImage_3.png" style="max-width: 1200px; max-height: 900px;" /></P><P></P><P>when I was using AD 2008 R2 all was working perfectly, but when I migrated to AD 2012 R2 nothing is working, even the Active directory administrators Login.</P><P></P><P>Regards,</P><P>Maher</P></BODY></HTML> Fri, 11 Jul 2014 11:01:10 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5133#M3771 homicidedart 2014-07-11T11:01:10Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5134#M3772 <HTML><HEAD></HEAD><BODY><P>If even the AD login does not work, I'm thinking this is on the Server side.</P><P></P><P>On a local install, was the installer run as administrator and the agent have administrator rights?</P><P>If queried from a remote computer to the AD, has the Windows Server built in firewall been configured to permit the connection?</P></BODY></HTML> Fri, 11 Jul 2014 11:27:41 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5134#M3772 pulukas 2014-07-11T11:27:41Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5135#M3773 <HTML><HEAD></HEAD><BODY><P>for the first point, actually that isn't server side issue. as the server supports the connection to all other Network and security appliances in our organization.</P><P></P><P>for the agent, I'm using the Local PA agent which resides on the appliance, and communicates with Active directory using admin account. and no firewall is enabled on the active directory.</P><P></P><P>Regards,</P></BODY></HTML> Fri, 11 Jul 2014 11:40:52 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5135#M3773 homicidedart 2014-07-11T11:40:52Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5136#M3774 <HTML><HEAD></HEAD><BODY><P>Try the IP of your AD as network Address instead of FQDN cealad02.centamin.local</P><P></P><P>maybe your Firewall cannot resolve the FQDN.</P><P></P><P>Although reenter your WMI Admin Credentials.</P><P>(not in LDAP Server Profile but in local User Agent)</P><P></P><P>If this does not help, open a Support Case.</P><P></P><P>Regards</P><P>Marco</P></BODY></HTML> Fri, 11 Jul 2014 13:40:29 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5136#M3774 MarcoLeckel 2014-07-11T13:40:29Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5137#M3775 <HTML><HEAD></HEAD><BODY><P>did you try to enable SSL?</P><P></P><P>I also noticed that you use global catolog ports, is that intended? the LDAP ports are 389 and 636 (SSL)</P></BODY></HTML> Fri, 11 Jul 2014 13:47:43 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5137#M3775 AlexAState 2014-07-11T13:47:43Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5138#M3776 <HTML><HEAD></HEAD><BODY><P>Hello Marco,</P><P>I already tried to set the AD config using the IP address, and it didn't work too, although I tried to check reachability using the FQDN using ping and it works properly.</P><P>and for the Admin credentials, it's configured in both the LDAP profile and the Local Agent.</P><P></P><P>Regards,</P></BODY></HTML> Fri, 11 Jul 2014 15:55:19 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5138#M3776 homicidedart 2014-07-11T15:55:19Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5139#M3777 <HTML><HEAD></HEAD><BODY><P>Hi Alexa,</P><P>no I'm not using SSL on the servers, so I didn't configure the connection to use ssl. also I use the Global catalog ports because the LDAP server is GC.</P><P></P><P>Regards,</P><P>Maher</P></BODY></HTML> Fri, 11 Jul 2014 16:02:08 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5139#M3777 homicidedart 2014-07-11T16:02:08Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5140#M3778 <HTML><HEAD></HEAD><BODY><P>Dears,</P><P>I would like to know if OS 5.0.9 support integration with LDAP 2012 R2.</P><P>can any one provide any article?</P><P></P><P>Regards,</P></BODY></HTML> Fri, 11 Jul 2014 16:05:59 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5140#M3778 homicidedart 2014-07-11T16:05:59Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5141#M3779 <HTML><HEAD></HEAD><BODY><P>There is no update documentation for server 2012.&nbsp; And as you note, the global catalog really has not changed so there should be no difference for you.</P><P></P><P>this is the most recently updated User-id Best practices from March of 2014.&nbsp; And you GC configuration does seem to match the example.</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-6591">User-ID Best Practices - PAN-OS 5.0, 6.0</A></P></BODY></HTML> Fri, 11 Jul 2014 22:14:07 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5141#M3779 pulukas 2014-07-11T22:14:07Z https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5142#M3780 <HTML><HEAD></HEAD><BODY><P>Thanks Steven.</P><P>I did resolved the Issue by removing the configuration and configure it from scratch.</P><P></P><P>Regards,</P><P>Maher</P></BODY></HTML> Sat, 12 Jul 2014 03:34:42 GMT https://live.paloaltonetworks.com/t5/general-topics/active-directory-2012-r2-integration-with-pan-os-5-0-9/m-p/5142#M3780 homicidedart 2014-07-12T03:34:42Z