02-14-2024 05:58 AM
Hi all, we are observing this behaviour on some domain controllers where xdr agents losing connection to tenant and the only way-out is to remove them via xdr cleaner and reinstall, only to fail again in a bunch of days.
We are out of ideas, obviously no blocking is in place between agents and paloalto remote systems, servers are only acting as DC , all are Windows 2016 standard .
We started to observe this after 8.1 was deployed but even in the 8.2 branch problems are still presents. Even TSR won't generate, stays on "Generating..." message for an ethernity and at the end nothing will be saved or generated.
Already opened ticket, waiting for a response.
Did someone is in the same boat as us?
02-15-2024 12:49 PM
Hello @RobertoPastorino,
nearly the same here. 3 servers and about 15 Clients which do not connect to the dashboard, because the service is not running and in an stopping state. It happens, when the agent pulls an upgrade.
Out of my ticket, PA mentioned they are working on this problem and other clients are also affected.
I would recommend to monitor the service. If the client/server is on, but the service is not available, you should get alerted.
BR
Rob
02-16-2024 01:49 AM - edited 02-16-2024 02:00 AM
Hi, while investigating, we saw that clients stops talking with RPC right after a content update.
Services for us are indeed running, but policies are applied in a strange way: malware policy is the custom one in use for our servers, agent policy instead is the default one, so that we can use the default Password1 pass to work with cytools.
Trying connectivity tests from cytool we get a RPC error:
RPC call for connectivity test command 'connectivity_test' failed with error, code = 13, message = Ipc send message failed with error: 13:Channel client - Client failed to send the message due to timeout
Please note that this very server has been redo from scratch and is only serving as Domain Controller, there are only 3 other softwares on it, an azure and a cisco ad connector and a qualys cloud agent.
Support is on it but at this moment we are on the info gathering process.
09-04-2024 08:16 PM
I'm having the same problem with a client for a domain controller, how did you solve the problem?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
