Seems not long after PAN OS upgrade to 10.1.3 we started seeing errors in our system event viewer logs for DCOM 10036 coming from our account that we use for LDAP on our PAN OS. They all reference the IP of our PAN OS as the originator. The logs are full of this error sometimes 3 or 4 times on the hour. Normally, I dont pay a lot of attention to DCOM errors but on every server in our entire forest to have this issue is a problem for me.
Hi @SRashedi ,
Isn't this related to Windows patch KB5005568 ?
Server 2019 update KB5005568 (Sept 2021) forcing new DCOM authentication prematurely
Quote from that page:
" We are having the same issue with the DCOM error 10036 after installing KB5005568, also with 2019 DC's. The problem went away after removing KB5005568. Other than filling the System event logs on the DC's, we have not seen any problems with our Palo Alto connectivity to AD. "
There is an option to use WinRM-HTTP or WinRM-HTTPS as the transport protocol for Sever Monitoring which could stop those messages as WMI would no longer be configured.
I've included the tech doc links below if you like to review the process:
-Configure Server Monitoring Using WinRM
Hope this helps,
Links sometimes get funky in posts, but the following link details WinRM support and further links to specific configuration examples in each of the three available methods.
If any of you are seen the 10036 MS error on the server side, even after migrating to WinRM, please proceed to disable the "Client Probing" feature, this should fix the error message on the server side.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!