This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Failed to execute op command

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Failed to execute op command

Westcon2
L3 Networker

‎05-04-2014 06:08 AM

We frequently face an error for fetching the group-mapping in the user-id tab. The error is normally shown up as failed to execute op command. One of the reason can be invalid credentials in the ldap configuration

opcommand1.PNG.png

Troubleshoot this error with Tail follow yes mp-log userid-log

2014-05-04 14:31:21.052 +0400 connecting to ldap://[192.168.0.199]:389 ...

2014-05-04 14:31:21.056 +0400 Error:  pan_ldap_bind_simple(pan_ldap.c:393): ldap_sasl_bind result return(49) : Invalid credentials

2014-05-04 14:31:21.056 +0400 Error:  pan_user_get_ldap(pan_group_selection_n.c:67): pan_ldap_bind()  failed

2014-05-04 14:31:21.056 +0400 Error:  cfgagent_doop_callback(pan_cfgagent.c:503): Failed to handle op command for agent:

useridd

Reconfigure the credentials in the ldap profile

password change.PNG.png

After changing the credentials, the groups can be pulled.

group-mapping.PNG.png

2014-05-04 14:32:53.760 +0400 connecting to ldap://[192.168.0.199]:389 ...

2014-05-04 14:32:55.860 +0400 connecting to ldap://[192.168.0.199]:389 ..

Aamir Khan

0 Likes Likes
5 REPLIES 5

HULK
L7 Applicator

‎05-05-2014 07:43 AM

Hello Aamir,

Are you using windows 2012 server in your set-up..?

Thanks

0 Likes Likes

Westcon2
L3 Networker
In response to HULK

‎05-05-2014 11:28 AM

Yes it is Server 2012.

0 Likes Likes

HULK
L7 Applicator
In response to Westcon2

‎05-05-2014 12:24 PM

Hello Aamir,

As TAC support for UID agent running on Windows 2012 is not available, Also for Terminal Server Agent on Windows 2012, I do see a feature request (FR ID : 3062) submitted to our development team.

Topic: Terminal Server Agent / Windows Server 2012 Support

Priority: High

FR ID: 3062

Please get in touch with your Palo Alto SE for the roadmap.

Apart from the above mentioned error, few customers confirmed the set-up running fine into their environment.


Refference : https://live.paloaltonetworks.com/message/27804#27804


Thanks


0 Likes Likes

Westcon2
L3 Networker
In response to HULK

‎05-05-2014 12:31 PM

I am using agent less and not the user-id agent. Besides this document is used to counter the error upon fetching the group mapping so that we can use it for Ldap authentication.

0 Likes Likes

StephenLiffen
L0 Member

‎08-13-2014 04:00 AM

Just for anyone interested - I had an intermittent issue with the error "Failed to execute op command" which I traced to be an issue with resolving DNS. It seems a DNS request was made each time and this was not reliable.

I changed server address from FQDN to IP addresses to resolve the problem.

Steve

0 Likes Likes
  • 5422 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks