AD trouble after installing content version 729

Showing results for 
Show  only  | Search instead for 
Did you mean: 

AD trouble after installing content version 729

L3 Networker

We had problems with AD after installing content version 729 this morning. Users were authenticated, but the logon process (group policy, drive mapping) was painfully slow. After we reverted to version 727 everything was OK again. The strange thing is that I see no traffic to our AD controllers being stopped by the firewall.


Anybody else seen this? We're using two PA-5050 in HA (active/passive) running PAN-OS 7.1.10.


L4 Transporter

We had issues associated with HL7 traffic. We have completed a roll back and that resolved the issue.

L3 Networker

Was it seen in Monitor/Traffic or Threats , like drops anything ?

We also had this problem and committed an Any on the Service for AD to work. We were about to test what the issue was when we saw the PA  update on  729. We are reverting to 727 and deleted 729.


Written by Edward Millington

L7 Applicator

Please refer to the following Palo Alto Networks Customer Advisory available at:

@cdp181 wrote:

Our Palo partner suggested a 72 hour delay on content updates.  Interestingly you don't seem to be able to configure a delay in Panorama only on the devices themselves.


FYI on panorama 7.x.x and above I think this option is available. It may be available prior to that release but I cannot confirm,.

L1 Bithead

We're running several pairs of PA-3050's in A/P on 7.1.11 with no issues reported at 729. We've reverted to 727 just to be safe. 

We had trouble with SAP printing but only with destination printers using Kyocera Prescribe

The packet trace shows retransmit because of a missing ACK, but I didn't have time to dig deeper.

All the other problems didn't seem to hit us, alt least not to a degree where the complaints made it to me.


We will send PA out Techsupport file. Our traffic was low to cause any issues with buffers, but any info to help them will be sent.

L0 Member

Can anyone confirm that issues are with 729 only? We have firewalls on 728 and have not had any reported issues.

L0 Member

We were affected as well.  AD traffic, gpupdates, Apple/Linux authentication with AD were all slow and/or not working.  Reverting back to 727 fixed the issue.

L0 Member

We had major performance issue on our extranet web servers. We reverted back from 729 and issue resolved itself.


PA-500 in HA running 7.1.10

PA-3020 in HA running 7.1.10

L0 Member

External users attempting to connect to applications through GlobalProtect with 5060 HA pair were not able to connect. Reverting to 727 resolved the issue.

@gbprotect wrote:

Can anyone confirm that issues are with 729 only? We have firewalls on 728 and have not had any reported issues.

728 works okay.  We had issues with active directory communcation (presumably LDAP) on 729.  Reverting to 728 resolved the issues.

L2 Linker

we have 3050 HA pair active/active, a  bunch of 3020 and some 500 and 200, all running OS 7.18, using threat 729

no user complaints so far

L2 Linker

We had been experiencing AJP (TCP 8009) issues between our Web servers and JBoss servers all morning.  Reverting to 727 fixed our issues.

  • 52 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!