10-16-2019 08:15 AM
hello team
we have this new set up for group-mapping , with 4 AD servers, we already set-up everything, we can see in the user monitoring all activity from user, however in the section relate to server monitor the status only shows one server connected, we follow the KB: https://knowledgebase.paloaltonetworks.com/KCArticleDetail?id=kA10g000000ClaICAS to validate the configuration on the AD's for he user and we are fine with this, we are running PAN-OS 8.1.9 in this scenario.
are we facing a bugging issue as a reason why we don't see all the 4 AD's with status as a connected?
please let me know your comments.
cordially
jose
10-16-2019 10:52 AM
This isn't any of the known bugs associated with 8.1.9. You should see all the AD servers as connected as long as they've all actually been configured properly. Verify that your system admins haven't only added the proper permissions on the one AD server.
10-16-2019 02:35 PM
The error you are receiving is a permissions error, again, verify that you actually have permissions set correctly. The error message you posted is saying they aren't
10-16-2019 10:52 AM
This isn't any of the known bugs associated with 8.1.9. You should see all the AD servers as connected as long as they've all actually been configured properly. Verify that your system admins haven't only added the proper permissions on the one AD server.
10-16-2019 12:50 PM
hi there
as I said before, all 4 AD servers have the same user configuracion and permissions for this setup,
the issue that only one appears as a connected.
cordially
jose
10-16-2019 01:01 PM
hi
the below is the log from the PA
2019-10-16 07:48:35.172 -0600 Error: pan_user_id_win_log_query(pan_user_id_win.c:1364): log query for SRPRDC03 failed: NTSTATUS: NT code 0x80041003 - NT code 0x80041003
2019-10-16 07:48:35.172 -0600 Error: pan_user_id_win_get_error_status(pan_user_id_win.c:1055): WMIC message from server SRPRDC03: NTSTATUS: NT code 0x80041003 - NT code 0x80041003
cordially
jose
10-16-2019 02:35 PM
The error you are receiving is a permissions error, again, verify that you actually have permissions set correctly. The error message you posted is saying they aren't
10-16-2019 02:56 PM
yes, we found that the admin of the AD server was not setup properly the other 3 srvs, just he configure one, 😞
now all of them show their status as a CONNECTED
thank you
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
