UserID connecting-disconnecting

Reply
L4 Transporter

UserID connecting-disconnecting

Hi, im having problem accesing to my PA (i think because of UserID). If i try with local user its ok but with my LDAP user is not working. The users cant access via VPN neither.

I can see a lot of events about "connect-agent" and suddenly "disconnect-agent".........¿¿why this strange behaviour?

Nov 11 10:57:48 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:48 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:49 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:49 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:49 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:49 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Error: pan_comm_get_tcp_conn(comm_utils.c:565): COMM: cannot connect. remote ip=127.0.0.1 port=10000 err=Connection refused(146) sock=14

Nov 11 10:57:50 Error: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:127): pan_comm_get_tcp_conn(localhost, 10000) failed

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:50 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:52 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:52 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:52 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:52 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:52 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:52 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Error: pan_comm_get_tcp_conn(comm_utils.c:565): COMM: cannot connect. remote ip=127.0.0.1 port=10000 err=Connection refused(146) sock=14

Nov 11 10:57:55 Error: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:127): pan_comm_get_tcp_conn(localhost, 10000) failed

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:55 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:56 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:56 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:56 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:56 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:56 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:56 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:57 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:57:59 Warning: pan_to_ms_conn_tcp_channel_setup(pan_to_ms_conn.c:119): Too close to last failed connection

Nov 11 10:58:01 connection to MS setup

Nov 11 10:58:34 Error: pan_user_id_agent_uia_proc_v5(pan_user_id_uia_v5.c:563): hasn't heard from Servidor wn12(1) for 63 seconds

Nov 11 10:59:40 Error: pan_user_id_agent_uia_proc_v5(pan_user_id_uia_v5.c:563): hasn't heard from Servidor wn12(1) for 61 seconds

Highlighted
L4 Transporter

Re: UserID connecting-disconnecting

I add this new log

Nov 11 11:14:20 Error: pan_user_id_agent_uia_proc_v5(pan_user_id_uia_v5.c:563): hasn't heard from Servidor wn12(1) for 61 seconds

Nov 11 11:15:26 Error: pan_user_id_agent_uia_proc_v5(pan_user_id_uia_v5.c:563): hasn't heard from Servidor wn12(1) for 61 seconds

Nov 11 11:15:36 Error: pan_ssl_readn_nowait(pan_ssl_utils.c:758): SSL :error:00000000:lib(0):func(0):reason(0)

Nov 11 11:15:36 Error: pan_user_id_msg_readin(pan_user_id_msg.c:1080): pan_user_id_ssl_readn_nowait() failed.

Nov 11 11:15:36 Error: pan_user_id_agent_msgs_recv(pan_user_id_agent_msgs.c:273): pan_user_id_msg_readin() failed: ERR_SOCKET_FAIL

Nov 11 11:15:36 Error: pan_user_id_agent_send_and_recv_msgs(pan_user_id_agent.c:1665): pan_user_id_agent_msgs_recv() failed

Nov 11 11:15:36 Error: pan_user_id_agent_uia_proc_v5(pan_user_id_uia_v5.c:568): pan_user_id_agent_send_and_recv_msgs() failed for Servidor wn12(1)

Nov 11 11:16:16 Error: pan_user_id_agent_send_and_recv_msgs(pan_user_id_agent.c:1665): pan_user_id_agent_msgs_recv() failed

Nov 11 11:16:16 Error: pan_user_id_agent_uia_proc_v5(pan_user_id_uia_v5.c:568): pan_user_id_agent_send_and_recv_msgs() failed for UID New(1)

Nov 11 11:21:27 connecting to ldap://[10.1.1.249]:636 with StartTLS...

Nov 11 11:21:27 Error: pan_ldap_init_ex(pan_ldap.c:325): start_tls_s return(-1) : Can't contact LDAP server

Nov 11 11:21:27 connecting to ldaps://[10.1.1.249]:636 ...

Nov 11 11:21:27 ldap cfg UIA connected to 10.1.1.249:636(index 1)

Nov 11 11:22:08 Warning: pan_ldap_get_search_result(pan_ldap.c:565): Timeout exceeded in ldap_result(30)

Highlighted
L4 Transporter

Re: UserID connecting-disconnecting

error.jpg

Highlighted
L6 Presenter

Re: UserID connecting-disconnecting

can you check if group mapping is working to be sure Ldap is Ok.

Highlighted
L4 Transporter

Re: UserID connecting-disconnecting

admin@fw1orgt(active)> show user user-id-agent state all

Agent: Servidor wn12(vsys: vsys1) Host: 10.1.1.249(10.1.1.249):4444

        Status                                            : conn:idle

        Version                                           : 0x5

        num of connection tried                           : 6547

        num of connection succeeded                       : 6533

        num of connection failed                          : 14

        num of status msgs rcvd                           : 174769

        num of request of status msgs sent                : 251164

        num of request of ip mapping msgs sent            : 124366

        num of request of new ip mapping msgs sent        : 0

        num of request of all ip mapping msgs sent        : 6618

        num of user ip mapping msgs rcvd                  : 413334

        num of ip msgs rcvd but failed to proc            : 0

        num of user ip mapping add entries rcvd           : 3879296

        num of user ip mapping del entries rcvd           : 0

        num of request of group msgs sent                 : 0

        num of group msgs rcvd                            : 0

        num of group msgs recvd buf fail to proc          : 0

        num of xml data msgs rcvd                         : 0

        num of xml data msgs rcvd but failed to proc      : 0

        Last heard(seconds ago)                           : 0

        Messages State:

          Job ID                                          : 0

          Sent messages                                   : 630481

          Rcvd messages                                   : 1042673

          Lost messages                                   : 63

          Failed to send messages                         : 0

          Queued sending msgs with priority 0             : 0

          Queued sending msgs with priority 1             : 0

          Queued rcvring msgs with priority 0             : 0

          Queued rcvring msgs with priority 1             : 0

Agent: UID(vsys: vsys1) Host: 10.1.1.16(10.1.1.16):4444

        Status                                            : conn:idle

        Version                                           : 0x5

        num of connection tried                           : 11115

        num of connection succeeded                       : 11095

        num of connection failed                          : 20

        num of status msgs rcvd                           : 245573

        num of request of status msgs sent                : 255851

        num of request of ip mapping msgs sent            : 129492

        num of request of new ip mapping msgs sent        : 0

        num of request of all ip mapping msgs sent        : 1228

        num of user ip mapping msgs rcvd                  : 540425

        num of ip msgs rcvd but failed to proc            : 0

        num of user ip mapping add entries rcvd           : 3723839

        num of user ip mapping del entries rcvd           : 0

        num of request of group msgs sent                 : 0

        num of group msgs rcvd                            : 0

        num of group msgs recvd buf fail to proc          : 0

        num of xml data msgs rcvd                         : 0

        num of xml data msgs rcvd but failed to proc      : 0

        Last heard(seconds ago)                           : 0

        Messages State:

          Job ID                                          : 0

          Sent messages                                   : 629466

          Rcvd messages                                   : 882366

          Lost messages                                   : 45

          Failed to send messages                         : 0

          Queued sending msgs with priority 0             : 0

          Queued sending msgs with priority 1             : 0

          Queued rcvring msgs with priority 0             : 0

          Queued rcvring msgs with priority 1             : 0

Agent: UID New(vsys: vsys1) Host: 10.1.1.18(10.1.1.18):4444

        Status                                            : conn:idle

        Version                                           : 0x5

        num of connection tried                           : 1130

        num of connection succeeded                       : 1127

        num of connection failed                          : 3

        num of status msgs rcvd                           : 243407

        num of request of status msgs sent                : 255701

        num of request of ip mapping msgs sent            : 129321

        num of request of new ip mapping msgs sent        : 0

        num of request of all ip mapping msgs sent        : 1392

        num of user ip mapping msgs rcvd                  : 545414

        num of ip msgs rcvd but failed to proc            : 0

        num of user ip mapping add entries rcvd           : 3737418

        num of user ip mapping del entries rcvd           : 0

        num of request of group msgs sent                 : 0

        num of group msgs rcvd                            : 0

        num of group msgs recvd buf fail to proc          : 0

        num of xml data msgs rcvd                         : 0

        num of xml data msgs rcvd but failed to proc      : 0

        Last heard(seconds ago)                           : 0

        Messages State:

          Job ID                                          : 0

          Sent messages                                   : 629472

          Rcvd messages                                   : 1232203

          Lost messages                                   : 102

          Failed to send messages                         : 0

          Queued sending msgs with priority 0             : 0

          Queued sending msgs with priority 1             : 0

          Queued rcvring msgs with priority 0             : 0

          Queued rcvring msgs with priority 1             : 0

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

admin@fw1orgt(active)> show user user-id-service status

User ID service info:

        User id service:               down

        Reason:                        user_id service is not enabled

admin@fw1orgt(active)>

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

admin@fw1orgt(active)> show user group-mapping state all

Group Mapping(vsys1, type: active-directory): UIA

        Bind DN    : cn=explotacio,ou=Noestaard,ou=OTusrs,dc=orgt,dc=ad,dc=da,dc=es

        Base       : DC=orgt,DC=ad,DC=diba,DC=es

        Group Filter: (None)

        User Filter: (None)

        Servers    : configured 3 servers

                10.1.1.8(636)

                10.1.1.249(636)

                        Last Action Time: 1466 secs ago(took 31 secs)

                        Next Action Time: In 2134 secs

                10.1.1.16(636)

        Number of Groups: 615

        cn=rrhh,ou=orgtgroups,dc=orgt,dc=ad,dc=diba,dc=es

        cn=orgt.grars,ou=bus,ou=oau=distribution lists,dc=orgt,dc=ad,dc=da,dc=es

-----------------------------------------------------------------------------------------

        cn=aplicextern,ou=users,ou=orgtcitrix,dc=orgt,dc=ad,dc=diba,dc=es

        cn=244_castelldefels_sg,ou=orgtgroups,dc=orgt,dc=ad,dc=diba,dc=es

        cn=domain admins,cn=users,dc=orgt,dc=ad,dc=diba,dc=es

        cn=orgt.elprat.fax,ou=busties,ou=oalgt,ou=distribution lists,dc=orgt,dc=ad,dc=diba,dc=es

Highlighted
L4 Transporter

Re: UserID connecting-disconnecting

The connection between Palo Alto and the 3 UserID is ok but i think there is any problem with PA and DC.....

Highlighted
L7 Applicator

Re: UserID connecting-disconnecting

Hello COS,

Could you please let me know the PAN OS version running in your FW and also share CLI command output > show system resources.

Thanks

Highlighted
L4 Transporter

Re: UserID connecting-disconnecting

The problem is solved. Another Palo ALto mistery :S

the PA had configured 4 servers in LDAP profile. One of those it wasnt LDAP 2 months ago so for this we had problem communications. We have delete this server in the LDAP profile and restart all the UserID Agent and now its working.

Anyway, we have configured 3 more servers in LDAP profile, so i think this shouldnt happen because el PA would use anothe LDAP server, right????

Highlighted
L7 Applicator

Re: UserID connecting-disconnecting

Hello COS,

It seems, above mentioned symptoms are matched with KB DOC: SSL connection failing between User-Id agent and PAN

Could you please try below CLI commands and let me know the result:

Reset the connection between the User ID agent and the firewall

> debug user-id reset user-id-agent <userid/ all>

Restart the userid daemon

> debug software restart user-id

Hope this helps.

Thanks

Highlighted
L6 Presenter

Re: UserID connecting-disconnecting

you can use 4 DC here for redundancy.

one of the DC you used now  seems working

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!