Agentless User-ID Connection to Active Directory Servers give me timout connection error

L2 Linker

Hello

Please help me with this problem: the Agentless User-ID connection to Active Directory servers gives me a timeout connection error. How can I fix this?

I'm using Server 2012.

I already followed the steps in this link: https://live.paloaltonetworks.com/t5/Management-Articles/Agentless-User-ID-Connection-to-Active-Dire...

but with no result.


L3 Networker

Hi,

What's the AD domain name? Please try domain\username.

Yes, I did that already. My domain is pa.ma, but there is no result.

Cyber Elite

@hamza_ineos,

Have you followed the information as documented HERE and actually given the user Distributed COM, Event Log Readers, Server Operators? You also need to give the selected account access to CIMV2 to allow Enable Account and Remote Enable. I'm fairly certain the default permissions for Administrator are not going to work here without following the above.

I highly recommend you do not use the domain admin account for this user and actually set up a separate account specific to this function and properly follow the Best Practices guide HERE.

Yes, I did it with another account, but the problem is still there 😞

L3 Networker

Did you get the solution? I am also getting the same error.

No, not yet.

For another server I am getting the error "not connected". When I add the User-ID account to the Domain Admins group it connects without any error, and when I remove it, it shows "not connected".

The server is 2012; not sure if this will work on a 2008 server. You may try the same.

Please, can you send me pictures of how you add this User-ID account?

Hi,

This has to be done on the server side, i.e. on AD, for the service account which you are using in the PA for User-ID to IP mapping. You have to add that user to the groups which are required as mentioned on the PA site, i.e. Event Log, Security Log, DCOM, Server Operators. Once you also add them to the Domain Admins group it will show connected. In my case, when I did this in the lab it worked, but at the customer it is still not working. Please advise, anyone, if you know the solution for this. I even reset the password of the service account.

No, it's not working, brother.

Why doesn't the Palo Alto support team help with this?

@hamza_ineos I managed to resolve the issue, the issue which I was facing, i.e. connection timeout on server monitoring.

I found out that the customer had installed Symantec antivirus on the DC, and once we removed it and rebooted the server, it started to connect. Before this I took a pcap from both the FW to check if there was any drop; if there is no drop, that means the FW is not the issue. Hope this will help you resolve your problem. You may ask the system admin to uninstall any antivirus installed on the DC and turn off the FW of the server. RPC port 135 is used in the agentless config to get the logs from the PA FW.
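The two things this thread keeps coming back to are the service account's group memberships (Distributed COM Users, Event Log Readers, Server Operators plus CIMV2 access) and whether RPC/DCOM on TCP 135 actually reaches the DC. The script below is an added example, not from this thread or from Palo Alto Networks; it runs the same pre-flight checks from a domain-joined admin host with RSAT installed. The account name `EXAMPLE\svc-userid` and DC name `dc01.example.local` are placeholders, and the port test is from the admin host rather than from the firewall's management interface, so a pass here only rules out the DC side.

```powershell
# Added example: pre-flight checks for an agentless User-ID service account.
# $ServiceAccount and $DomainController are placeholders; replace with your values.
param(
    [string]$ServiceAccount   = 'EXAMPLE\svc-userid',    # placeholder (DOMAIN\user)
    [string]$DomainController = 'dc01.example.local'     # placeholder
)
Import-Module ActiveDirectory

# Groups the thread says the account needs (no Domain Admins membership required).
$RequiredGroups = @('Distributed COM Users', 'Event Log Readers', 'Server Operators')
$sam = $ServiceAccount.Split('\')[-1]   # sAMAccountName without the domain prefix

# 1. Group membership: report which required groups the account is missing.
$memberOf = (Get-ADPrincipalGroupMembership -Identity $sam).Name
$missing  = $RequiredGroups | Where-Object { $memberOf -notcontains $_ }
if ($missing) {
    Write-Warning "Account '$sam' is missing: $($missing -join ', ')"
} else {
    Write-Host "Group membership OK for '$sam'"
}

# 2. RPC endpoint mapper reachability (TCP 135). A timeout here, as in the thread,
#    points at a host firewall or endpoint security product on the DC.
$rpc = Test-NetConnection -ComputerName $DomainController -Port 135 -WarningAction SilentlyContinue
if (-not $rpc.TcpTestSucceeded) {
    Write-Warning "TCP 135 to $DomainController is blocked or timing out"
} else {
    Write-Host "TCP 135 to $DomainController is reachable"
}

# 3. WMI over DCOM into root\cimv2 as the service account. This exercises the
#    'Enable Account' and 'Remote Enable' namespace rights the thread mentions.
$cred = Get-Credential -UserName $ServiceAccount -Message 'Service account password'
$opt  = New-CimSessionOption -Protocol Dcom
try {
    $session = New-CimSession -ComputerName $DomainController -Credential $cred `
                              -SessionOption $opt -ErrorAction Stop
    $os = Get-CimInstance -CimSession $session -Namespace 'root\cimv2' -ClassName Win32_OperatingSystem
    Write-Host "WMI/DCOM OK: $($os.Caption) on $DomainController"
    Remove-CimSession $session
} catch {
    Write-Warning "WMI/DCOM access to root\cimv2 failed: $($_.Exception.Message)"
}
```

If check 1 passes but check 3 fails, the gap is almost always the CIMV2 namespace security or DCOM permissions rather than group membership, which is why adding the account to Domain Admins "fixes" it in the thread.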
