09-05-2020 12:08 PM
i am facing user id issue it's show connected but some time is not show not connected. when i check the USER-ID log i find this error. please suggest.
Error: pan_user_id_win_log_query(pan_user_id_win.c:1364): log query for <Server-IP > failed: NTSTATUS: NT code 0xc002001b - NT code 0xc002001b
2020-09-03 13:09:08.934 +0400 Error: pan_user_id_win_get_error_status(pan_user_id_win.c:1055): WMIC message from server <Server-IP > : NTSTATUS: NT code 0xc002001b - NT code 0xc002001b
09-05-2020 07:22 PM
Do you want to set up a team viewer session? I can take a look if you'd like.
09-05-2020 09:26 PM
This is a permission error on the service account.Double check that you've granted the service account used in the WMI configuration the proper permissions on the account.
09-29-2020 11:54 PM
I have check the WMI Permission on service account and all the permission are give on service account.
28 17:42:54.567 +0400 Error: pan_user_id_win_wmic_log_query(pan_user_id_win.c:1588): log query for <Server Name> failed: NTSTATUS: NT code 0xc002001b - NT code 0xc002001b
2020-09-28 17:42:54.567 +0400 Error: pan_user_id_win_get_error_status(pan_user_id_win.c:1273): WMIC message from server <Server Name>: NTSTATUS: NT code 0xc002001b - NT code 0xc002001b
---
2020-09-28 17:38:19.933 +0400 Warning: pan_user_id_win_log_parse(pan_user_id_win.c:1458): failed to convert time str 20200928133[wmi/wmic.c:216:main()] ERROR: Retrieve result data.
2020-09-28 17:41:05.187 +0400 Warning: pan_user_id_win_log_parse(pan_user_id_win.c:1458): failed to convert time str 2020[wmi/wmic.c:216:main()] ERROR: Retrieve result data.
---
Regards,
Joshan Lakhani
03-23-2022 04:45 AM
I am having exactly the same issue. I even tested the account permission via wbemtest and it is OK, yet both the Windows User-ID Agent and Integrated User-ID Agent are not able to connect with any of the Active Directory servers except 1. The communication is also 'allowed' via the firewall. Not sure how to troubleshoot this issue.
05-14-2022 11:37 PM
Here are some of the reference links that helped me resolve my issue. It was basically two fold solution, (a) proper rights assignment on the AD & (b) right patches on the AD as well as on the UserID Agent server.
INSTALLING MICROSOFT'S JUNE 8TH 2021 NTLM ELEVATION OF PRIVILEGE VULNERABILITY PATCHES MAY BREAK THE USER-ID AGENT'S CONNECTION TO DOMAIN CONTROLLER(S):
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Vcg
Enable Remote WMI Access for a Domain User Account:
https://martellotech.com/blog/enable-remote-wmi-access-for-a-domain-user-account/
Server Monitoring Not Connected:
https://live.paloaltonetworks.com/t5/general-topics/server-monitoring-not-connected/td-p/257956
This link helps in WMI testing
AGENTLESS USER-ID 'ACCESS DENIED' ERROR IN SERVER MONITOR:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clk0CAC
This link has the resolution of the Access Denied error.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
