PANOS Integrated UserID with WINRM


L0 Member

Hello,

 

I am trying to configure PANOS (10.1.8) Integrated UserID with Windows AD 2016 (with Kerberos).

I am getting  "Access Denied" status under User Mapping --Server Monitoring 

I have validated that user is part of below security groups on AD 

  • Distributed COM Users
  • Event Log Readers
  • Remote Management Users
  • Server Operators

 

I see below logs 

 

 Error: pan_user_id_winrm_query(pan_user_id_win.c:2751): failed to connect to winrm server XXXXXX in vsys 1
 Error: pan_user_id_winrm_error(pan_user_id_win.c:2644): HTTP 500: s:Senderw:AccessDeniedAccess is denied. Access is denied.
 Error: pan_user_id_winrm_query(pan_user_id_win.c:2795): Connection failed. response code = 500, error: (null) in vsys 1, server=XXXXXX

 

 

 

Referred to the below KB articles/links but could not get through.

https://live.paloaltonetworks.com/t5/general-topics/best-way-of-doing-user-id-mapping-wmi-winrm-http...

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VUICA2&lang=en_US%E2%80%A...

 

 

Any inputs will be appreciated. 

 

 

2 REPLIES

Cyber Elite

@nileshgurav,

If the user account has been set up properly, you now have to move on to looking at Windows Remote Management itself. Has it been set up on the host to actually run? Does the firewall have permission to use it, or is it restricted? Is the listener actually set up properly?
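
The checks suggested in the reply above, written out as an added PowerShell example (not part of the original posts, and not Palo Alto Networks' own procedure). It assumes an elevated session on the monitored Windows server, the ActiveDirectory module, and a placeholder service account name `svc-userid`.

```powershell
# Added example: run in an elevated PowerShell session on the monitored server.
# $Account is a placeholder for the User-ID service account (assumption).
$Account = 'svc-userid'

# 1. Is the WinRM service actually running on the host?
Get-Service -Name WinRM | Select-Object Name, Status

# 2. Is a listener configured, and on which transport and port?
winrm enumerate winrm/config/listener

# 3. Who is permitted to connect? RootSDDL holds the ACL applied to
#    remote WinRM access; the service account (or one of its groups)
#    must appear here with an allow entry.
$sddl = (Get-Item WSMan:\localhost\Service\RootSDDL).Value
(ConvertFrom-SddlString -Sddl $sddl).DiscretionaryAcl

# 4. Is the account in the four groups listed in the question?
#    Requires the ActiveDirectory module; reports direct membership only.
$required = 'Distributed COM Users', 'Event Log Readers',
            'Remote Management Users', 'Server Operators'
$actual = (Get-ADPrincipalGroupMembership -Identity $Account).Name
foreach ($group in $required) {
    [pscustomobject]@{ Group = $group; Member = ($actual -contains $group) }
}

# 5. What did WinRM itself record around the failed connection?
Get-WinEvent -LogName 'Microsoft-Windows-WinRM/Operational' -MaxEvents 20 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```

Comparing the output of steps 3 and 4 shows whether the "Access is denied" fault comes from the WinRM access list or from group membership, which narrows the permission that is missing.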

L0 Member

This was resolved by giving the user account super admin privilege (domain admin) on AD as a last resort. Thank you.
