Error useridd log

soporteseguridad — Wed, 20 Apr 2016 10:11:41 GMT

Hi,

We are having a lot of strage log in the useridd.log file. We dont know why we are receiving these logs.

The LDAP is configured correctly and we have the read permissions for everything in AD user. Users are working fine.

Please why are we recinivng these logs and how ca we solve??

2016-04-19 09:01:58.577 +0200 connecting to ldap://[192.168.49.81]:636 with StartTLS...
2016-04-19 09:01:58.579 +0200 Error: pan_ldap_init_ex(pan_ldap.c:252): start_tls_s return(-1) : Can't contact LDAP server
2016-04-19 09:01:58.579 +0200 connecting to ldaps://[192.168.49.81]:636 ...
2016-04-19 09:01:58.585 +0200 ldap cfg LDAP_xx connected to 192.168.49.81:636(index 1)
[44;1H[K[7m99%[27m[44;1H[44;1H[K2016-04-19 09:01:58.587 +0200 Error: pan_ldap_ctrl_search_single_group(pan_ldap_ctrl.c:2657): failed to get group obj for 'cn=pa_vectorsf,ou=firewall_groups,ou=groups,
ou=mng,dc=intranet,dc=,dc=es'
2016-04-19 09:01:58.587 +0200 Error: pan_ldap_ctrl_query_single_included_group(pan_ldap_ctrl.c:2928): pan_ldap_ctrl_search_single_group() failed for 'cn=pa_vectorsf,ou
=firewall_groups,ou=groups,ou=mng,dc=intranet,dc=xxxxx,dc=es'
2016-04-19 09:01:58.587 +0200 Error: pan_ldap_ctrl_query_limited_groups(pan_ldap_ctrl.c:3030): pan_ldap_ctrl_query_single_included_group() failed
2016-04-19 09:01:58.638 +0200 Error: pan_ldap_ctrl_search_single_group(pan_ldap_ctrl.c:2657): failed to get group obj for 'cn=pa_vdi_externos,ou=firewall_groups,ou=gro
ups,ou=mng,dc=intranet,dc=xxxxx,dc=es'
2016-04-19 09:01:58.638 +0200 Error: pan_ldap_ctrl_query_single_included_group(pan_ldap_ctrl.c:2928): pan_ldap_ctrl_search_single_group() failed for 'cn=pa_vdi_externo
s,ou=firewall_groups,ou=groups,ou=mng,dc=intranet,dc=xxxxx,dc=es'
2016-04-19 09:01:58.638 +0200 Error: pan_ldap_ctrl_query_limited_groups(pan_ldap_ctrl.c:3030): pan_ldap_ctrl_query_single_included_group() failed
2016-04-19 09:01:58.788 +0200 Error: pan_ldap_ctrl_search_single_group(pan_ldap_ctrl.c:2657): failed to get group obj for 'cn=vdi_sap_deloitte_sin_office,ou=vdi-nutani
x,ou=groups,ou=mng,dc=intranet,dc=xxxxx,dc=es'
2016-04-19 09:01:58.788 +0200 Error: pan_ldap_ctrl_query_single_included_group(pan_ldap_ctrl.c:2928): pan_ldap_ctrl_search_single_group() failed for 'cn=vdi_sap_deloit
te_sin_office,ou=vdi-nutanix,ou=groups,ou=mng,dc=intranet,dc=xxxxx,dc=es'
2016-04-19 09:01:58.788 +0200 Error: pan_ldap_ctrl_query_limited_groups(pan_ldap_ctrl.c:3030): pan_ldap_ctrl_query_single_included_group() failed
2016-04-19 09:01:59.152 +0200 Error: pan_ldap_ctrl_search_single_group(pan_ldap_ctrl.c:2657): failed to get group obj for 'cn=pa_vdi_ipm,ou=firewall_groups,ou=groups,o
u=mng,dc=intranet,dc=xxxxx,dc=es'
2016-04-19 09:01:59.152 +0200 Error: pan_ldap_ctrl_query_single_included_group(pan_ldap_ctrl.c:2928): pan_ldap_ctrl_search_single_group() failed for 'cn=pa_vdi_ipm,ou=
firewall_groups,ou=groups,ou=mng,dc=intranet,dc=xxxxx,dc=es'
2016-04-19 09:01:59.152 +0200 Error: pan_ldap_ctrl_query_limited_groups(pan_ldap_ctrl.c:3030): pan_ldap_ctrl_query_single_included_group() failed
2016-04-19 09:01:59.153 +0200 Error: pan_ldap_ctrl_search_single_group(pan_ldap_ctrl.c:2657): failed to get group obj for 'cn=pa_vdi_opentrends,ou=firewall_groups,ou=g
roups,ou=mng,dc=intranet,dc=xxxxx,dc=es'
2016-04-19 09:01:59.153 +0200 Error: pan_ldap_ctrl_query_single_included_group(pan_ldap_ctrl.c:2928): pan_ldap_ctrl_search_single_group() failed for 'cn=pa_vdi_opentre
nds,ou=firewall_groups,ou=groups,ou=mng,dc=intranet,dc=xxxxx,dc=es'
2016-04-19 09:01:59.153 +0200 Error: pan_ldap_ctrl_query_limited_groups(pan_ldap_ctrl.c:3030): pan_ldap_ctrl_query_single_included_group() failed
2016-04-19 09:01:59.233 +0200 Error: pan_ldap_ctrl_search_single_group(pan_ldap_ctrl.c:2657): failed to get group obj for 'cn=cc-1129,ou=cc_groups,ou=security groups,o
u=groups,ou=mng,dc=intranet,dc=xxxxx,dc=es'

Re: Error useridd log

reaper — Wed, 20 Apr 2016 14:02:11 GMT

it seems you're using SSL, are you sure ssl is enabled on the active directory ?

you could try disabling ssl to see if that clears your issue

you mention users are working fine: do you mean user to IP mapping works? this is usually collected through a userID agent or clientless WMI configuration on the fiorewall, this is a different type of channel

hope this helps

Tom

Re: Error useridd log

soporteseguridad — Thu, 21 Apr 2016 08:50:57 GMT

Palo Alto tries to connect using LDAPs, fist attempt fails but second one works.

On the other hand, you can see a lot of error getting groups and moving user to dplane.

We dont know why we see these errors. Users are working fine, so they didt report a problem. Just one time two groups lost mapping and they reported a problem....

Re: Error useridd log

soporteseguridad — Fri, 22 Apr 2016 07:33:42 GMT

How this commns will affect to the service???

Please try restarting the User-ID
>Debug software restart process user-id

>Debug user-id reset user-id-agent all

Re: Error useridd log

reaper — Fri, 22 Apr 2016 09:02:11 GMT

the userid process is responsible for using the ldap profile to fetch group information, so resetting that service hould help restore connectivity

not sure why you'd want to reset the user-id agents

topic Re: Error useridd log in General Topics

Error useridd log

Re: Error useridd log

Re: Error useridd log

Re: Error useridd log

Re: Error useridd log