I cannot read AD logs on Windows Server 2016 with the event viewer read group access. Is there anything special that needs to be on Windows 2016 Domain?
There are a number of limitations with getting this to function that primarly deal with what PAN-OS version you are running. Can you list what firmware you are running and the user-id agent version if applicable.
Did you go back through and give the SA that you setup permissions to the installation folder so that it can actually interact with the user-id agent? That's about the only thing that I can think of, the USER-ID agent permissions are relatively straight forward in the fact that you only need the Event Log Reader permissions unless you use the integrated user-id agent in the firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!