Question About Traps Behaviour

Reply
Highlighted
L1 Bithead

Question About Traps Behaviour

Hello dear community,

 

I have a question about traps behaviour, we have a customer that have machines not able to connect agains their cloud services:

 

"2020-01-27T11:22:49.168+01:00 VMCO-13 [2004:2312 #24:24] {trapsd:Infrastructure:Heartbeat(user ID=S-1-5-21-2238142029-4184273230-3152458776-1774, name=testvv3):https://ch-best.traps.paloaltonetworks.com/operations/provision/register:} <Info> HTTP request body (JSON): { "agentId" : "", "computerName" : "VMCO-13", "computerSid" : "S-1-5-21-2238142029-4184273230-3152458776-3544", "distrId" : "f94430d8ec7996ec2e6c83248409ab08", "domain" : "tercat.local", "goldenImageId" : "bc50e0f31dbac129ab0debcae792aea1", "ip" : "172.16.10.112", "is64" : true, "osType" : 1, "osVersion" : "6.1.7601", "productName" : "", "productType" : 1, "protectionStatus" : 0, "trapsVersion" : "6.1.3.26103", "userName" : "testvv3", "userSid" : "S-1-5-18", "vdi" : 1 } 2020-01-27T11:22:49.330+01:00 VMCO-13 [2004:2312 #24:24] {trapsd:Infrastructure:Heartbeat(user ID=S-1-5-21-2238142029-4184273230-3152458776-1774, name=testvv3):https://ch-best.traps.paloaltonetworks.com/operations/provision/register:} <Info> HTTP status: 400, reason: Bad Request 2020-01-27T11:22:49.331+01:00 VMCO-13 [2004:2312 #24:24] {trapsd:Infrastructure:Heartbeat(user ID=S-1-5-21-2238142029-4184273230-3152458776-1774, name=testvv3):https://ch-best.traps.paloaltonetworks.com/operations/provision/register:} <Info> HTTP response body: { "error" : "authentication failed: failed to verify distribution"

 

According to them, this error appeared when they did a VDI clone of machines based on one template.

 

That's the template

 

1.png

3_NotWorkingAfterClone.png

 

I would like to confirm what is the Traps behaviour in this scenario because I've never seen that before. I think the most possible is that something on the machine change on its registers that affects to the traps agents and is not related with Traps. But I like to confirm. Can you help?

 

Regards,

Aitor

Highlighted
L2 Linker

Re: Question About Traps Behaviour

Does the agent installation still exist in the tenant?  If it is deleted, no agents will activate with that MSI.


David Falcon 
MDR Systems Engineer, Cortex
Palo AltoNetworks® 
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!