https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226680#M65254 <P>you can use tcpdump&nbsp;in the CLI and filter for your AD to see if packets are going out and being replied to properly</P> <P>&nbsp;</P> <P>(view by&nbsp;<SPAN class="s1">&gt; view-pcap mgmt-pcap mgmt.pcap )</SPAN></P> Fri, 10 Aug 2018 07:24:39 GMT reaper 2018-08-10T07:24:39Z https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226606#M65227 <P>PAN-OS 8.0.9</P><P>Server 2008-R2</P><P>&nbsp;</P><P>I am in the process of investigating the setup of User-ID, utilising our test network which has a&nbsp;VM500</P><P>&nbsp;</P><P>I am starting using the Agentless option. ( The production site has 500 users, mostly Citrix Terminal Sessions but also Some PC's so I guess I will also need the TS agent further down the line.)</P><P>&nbsp;</P><P>I have done the three basic steps that seem to be outlined in every guide</P><P>&nbsp;</P><P>Create service account with Domain Admin privs.</P><P>In user mapping server monitorig Discovered the DC's...</P><P>added the WMI Authentication Creds on agent setup.</P><P>Committed...</P><P>&nbsp;</P><P>But all i get is "Status [Not Connected]"</P><P>&nbsp;</P><P>Can't seem to find any info on why it's nto working?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 09 Aug 2018 15:00:46 GMT https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226606#M65227 RobinClayton 2018-08-09T15:00:46Z https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226618#M65231 <P>By default the user id will try to connect to the server via management port. If this is an issue then change it in device/setup/services</P><P>&nbsp;</P><P>there are other rasons but start with this one as it caught me out...</P><P>&nbsp;</P><P>*reasons not rasons lol.</P> Thu, 09 Aug 2018 17:05:59 GMT https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226618#M65231 Mick_Ball 2018-08-09T17:05:59Z https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226680#M65254 <P>you can use tcpdump&nbsp;in the CLI and filter for your AD to see if packets are going out and being replied to properly</P> <P>&nbsp;</P> <P>(view by&nbsp;<SPAN class="s1">&gt; view-pcap mgmt-pcap mgmt.pcap )</SPAN></P> Fri, 10 Aug 2018 07:24:39 GMT https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226680#M65254 reaper 2018-08-10T07:24:39Z https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226684#M65255 <P>Well the PCAP did not give much joy, although it did show some "ICMP unreachable" to the server...</P><P>&nbsp;</P><P>The server Pinged fine on the CLI by&nbsp;"ShortDN" and "FQDN"</P><P>&nbsp;</P><P>&nbsp;</P><P>HunchTime.....</P><P>&nbsp;</P><P>So althoug I could ping from the management interface, there seemed to be some issue with the Management Plane making some connection via DNS entry..</P><P>&nbsp;</P><P>I added another server in the list but specified it by IP rather than DNS name... Committed , Connected!</P><P>&nbsp;</P><P>No idea if the production environment will have the same issue but at least I have a workarround..</P><P>&nbsp;</P><P>Cheers</P><P>&nbsp;</P><P>Rob</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 10 Aug 2018 09:18:02 GMT https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226684#M65255 RobinClayton 2018-08-10T09:18:02Z https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226686#M65256 <P>ok nice one...</P><P>&nbsp;</P><P>why dont you just modify the original server entry to "IP Address" just to make sure its nothing else in that server config causing the issue.</P><P>&nbsp;</P><P>also add fqdn to second entry...&nbsp; just for dns test purpose</P> Fri, 10 Aug 2018 09:26:05 GMT https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-quot-not-connected-quot/m-p/226686#M65256 Mick_Ball 2018-08-10T09:26:05Z