11-02-2018 07:37 AM
Hello,
I installed UIA 8.0.12-5 on WIN server 2008 R2 (FW PAN OS is 8.0.13).
I'm throubleshooting userid login problem and it looks that log event (Event ID 4768,4769,4770,4624) are not readed by the user agent on Windows Server 2016.
Connecting to WIN 2016 server I can see that Event ID 4768,4769,4770,4624 are on the security log but if I increase the debug on the UIA (verbose) this event are not there.
It looks like the agent doesn't understand the Event generated by the WIN Server 2016, is there any guide how to set up the event log of the WIN Server 2016 to by compatible with UIA ?
11-02-2018 10:05 AM
Please ensure that you've actually properly granted the user-id agent service account the proper permissions to read from event logs.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
