09-19-2017 05:40 AM
Hello
Please help me with this problem: the Agentless User-ID connection to Active Directory servers gives me a connection timeout error. How can I fix this?
I'm using Server 2012.
I already followed the steps in this link: https://live.paloaltonetworks.com/t5/Management-Articles/Agentless-User-ID-Connection-to-Active-Dire...
but with no result.
09-19-2017 08:30 AM
09-19-2017 09:39 AM
Have you followed the information as documented HERE and actually given the user Distributed COM, Event Log Readers, Server Operators? You also need to give the selected account access to CIMV2 to allow Enable Account and Remote Enable. I'm fairly certain the default permissions for Administrator are not going to work here without following the above.
I highly recommend you do not use the domain admin account for this user and actually set up a separate account specific to this function and properly follow the Best Practices guide HERE
09-19-2017 10:16 AM
yes i did with another account but there is n problem 😞
10-01-2017 08:59 AM
For another server I am getting the error "not connected". When I add the user ID to the domain admin group it connects without any error, and when I remove it, it shows not connected.
The server is 2012; not sure if this will work on a 2008 server... you may try the same.
10-01-2017 12:30 PM
Please, can you send me pictures of how you add this user-id?
10-02-2017 08:59 AM
Hi,
This has to be done on the server side, i.e. on AD, for the service account which you are using in PA for user-ID-to-IP mapping. You have to add that user to the groups which are required as mentioned on the PA site, i.e. event log, security log, DCOM, server operator... Once you also add him to the domain admin group it will show connected... In my case, when I did this in the lab it is working, but at the customer it is still not working... Please advise, anyone, if they know the solution for this. I even reset the password of the service account.
10-03-2017 10:10 AM
No, it's not working, brother.
Why doesn't the Palo Alto support team help on this?
10-09-2017 02:16 AM
@hamza_ineosi managed to resolve the issue, the issue which I was facing, i.e. connection timeout on server monitoring.
I found out that the customer installed Symantec antivirus on the DC, and once we removed it and rebooted the server, it started to connect. Before this I did a pcap from both the FW to check if there is any drop. If no drop, that means the FW is not the issue. Hope this will help you to resolve your problem. You may ask the system admin to uninstall any antivirus installed on the DC and turn off the FW of the server. RPC port 135 is used in agentless config to get the logs from PA FW.
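
A diagnostic for the checks discussed in this thread, as an added example that is not part of any post: it tests TCP 135, the service account's group memberships, and a WMI query over DCOM against root\cimv2. The host name and account name are placeholders, and it assumes a domain-joined admin workstation with the ActiveDirectory (RSAT) module; it exercises the workstation's network path, not the firewall's.

```powershell
# Added diagnostic example. $DC and $SvcAccount are placeholders,
# not values taken from the thread.
param(
    [string]$DC         = 'dc01.example.local',
    [string]$SvcAccount = 'svc-userid'
)

# 1. Is the RPC endpoint mapper reachable? A timeout here (rather than a
#    refusal) points at a host firewall or endpoint-security product
#    silently dropping TCP 135 on the DC.
$tcp = Test-NetConnection -ComputerName $DC -Port 135 -WarningAction SilentlyContinue
"TCP 135 reachable: $($tcp.TcpTestSucceeded)"

# 2. Does the service account hold the groups named in the thread?
#    Only direct memberships are listed, not nested ones.
$required = 'Distributed COM Users', 'Event Log Readers', 'Server Operators'
$member   = (Get-ADPrincipalGroupMembership -Identity $SvcAccount).Name
foreach ($g in $required) {
    $state = if ($member -contains $g) { 'member' } else { 'MISSING' }
    '{0,-24} {1}' -f $g, $state
}
if ($member -contains 'Domain Admins') {
    'WARNING: account is in Domain Admins; a dedicated low-privilege account is recommended'
}

# 3. Can the account open a DCOM session and query root\cimv2?
#    This needs Enable Account and Remote Enable on the CIMV2 namespace.
$cred = Get-Credential -UserName $SvcAccount -Message 'Service account password'
$opt  = New-CimSessionOption -Protocol Dcom
$s    = $null
try {
    $s = New-CimSession -ComputerName $DC -SessionOption $opt -Credential $cred `
                        -OperationTimeoutSec 15 -ErrorAction Stop
    Get-CimInstance -CimSession $s -Namespace 'root\cimv2' `
                    -ClassName Win32_OperatingSystem -ErrorAction Stop |
        Select-Object CSName, Caption
}
catch {
    "WMI over DCOM failed: $($_.Exception.Message)"
}
finally {
    if ($s) { Remove-CimSession $s }
}
```

If step 1 succeeds but step 3 times out, the block is likely on the dynamic RPC port that the endpoint mapper hands out after the initial connection to 135.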