user-id

Abdul_Razaq — Sun, 24 Mar 2019 20:36:04 GMT

Hi Community,

I am running PA local user-id agent in PAN os 8.1.3

i am facing an issue that my server monitoring is shows as 'not-connected', i am able to test the authentication and proper service account is configured. it was working fine for long time and hope ther was some windows patch in AD server recently.

when i capture in AD server, i am able to see communocation between firewall and server, when firewall queries for tree, windows server is replying the LDAP tree as well.

i am not sure how PA reads the security log and get IP-USER mapping, so not able to check the same.

in PA user-id logs, i am able to see the following error,

<var/log/pan/useridd.log> 2019-03-24 17:47:52.517 +0400 Error: pan_user_id_win_log_query(pan_user_id_win.c:1364): log query for EOHODC01 failed: NTSTATUS: NT code 0xc002001b - NT code 0xc002001b

<var/log/pan/useridd.log> 2019-03-24 17:47:52.517 +0400 Error: pan_user_id_win_get_error_status(pan_user_id_win.c:1055): WMIC message from server EOHODC01: NTSTATUS: NT code 0xc002001b - NT code 0xc002001b

Does anybody knows what is this error is ?.

Re: user-id

Abdul_Razaq — Sun, 24 Mar 2019 20:36:18 GMT

@reaper , @BPry @OtakarKlier , guys pleas advice if you have any inputs

Re: user-id

reaper — Mon, 25 Mar 2019 06:52:29 GMT

have you checked out these articles:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFWCA0

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGGCA0

Agentless User-ID requires a useraccount that's set up for WMI to be able to read logs, while authentication and directory tree are ldap

topic user-id in General Topics

user-id

Re: user-id

Re: user-id