We had problems with AD after installing content version 729 this morning. Users were authenticated, but the logon process (group policy, drive mapping) was painfully slow. After we reverted to version 727 everything was OK again. The strange thing is that I see no traffic to our AD controllers being stopped by the firewall.
Anybody else seen this? We're using two PA-5050 in HA (active/passive) running PAN-OS 7.1.10.
We also had big AD issues after upgrading to 729
PA-7050 in HA running 7.1.10
Seemes fixed afer we reverted to 727
Our own preliminar analysis indicates problems with LDAP (at least) after we upgraded to 729; we noticed the packet buffer was unusually high, and the average duration for LDAP sessions drastically increased, so our best guess is that it was having issues identifying LDAP AppID.
We experienced LDAP traffic problems also today on our PA with content update 729-4193. We identified a policy that used application filtering with application-default service ports, as we saw undecided traffic on port 389. We resolved this temporarily by changing service ports to any. Our policies that used service ports exclusivly was not affected.
Our Exchange 2013 servers stopped working when version 729 was downloaded and applied last night. In the Windows event logs, the Exchange servers were complaining about problems with the Exchange topology and not being able to find a valid domain controller, Event IDs, 2130 2142 2070.
We did have LDAP communication from the Exchange servers to the DC being allowed through our PA 3050s, but most flows were very small, ~464 bytes.
I reverted to version 727 and almost immediately the Exchange servers restarted their services and started servicing email.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!