I have a Palo Alto 5050 Active/Active Vwire deployment. The deployment was integrated with Active Directory 2008 R2, but now I have installed Active Directory 2012 R2.
But Palo Alto can't see the users in Active Directory 2012 R2.
Any help with that, please?
There is no updated documentation for Server 2012. And as you note, the global catalog really has not changed, so there should be no difference for you.
This is the most recently updated User-ID best practices document, from March of 2014. And your GC configuration does seem to match the example.
Which user-id method are you using to get the associations?
Are there any logs or messages in the server event log if you have the local agent, or on the firewall system logs?
If even the AD login does not work, I'm thinking this is on the Server side.
On a local install, was the installer run as administrator, and does the agent have administrator rights?
If queried from a remote computer to the AD, has the Windows Server built-in firewall been configured to permit the connection?
For the first point, actually that isn't a server-side issue, as the server supports the connection to all other network and security appliances in our organization.
For the agent, I'm using the local PA agent, which resides on the appliance and communicates with Active Directory using an admin account, and no firewall is enabled on the Active Directory.