03-24-2023 12:16 PM - edited 03-24-2023 12:30 PM
I am trying to configure PANOS(10.1.8) Integrated UserID with Wndows AD 2016 (with Kerberos).
I am getting "Access Denied" status under User Mapping --Server Monitoring
I have validated that user is part of below security groups on AD
I see below logs
Error: pan_user_id_winrm_query(pan_user_id_win.c:2751): failed to connect to winrm server XXXXXX in vsys 1
Error: pan_user_id_winrm_error(pan_user_id_win.c:2644): HTTP 500: s:Senderw:AccessDeniedAccess is denied. Access is denied.
Error: pan_user_id_winrm_query(pan_user_id_win.c:2795): Connection failed. response code = 500, error: (null) in vsys 1, server=XXXXXX
Reffered below KB Articles/ links but could not get through.
Any inputs will be appreciated.
03-24-2023 01:19 PM
If the user account has been setup properly now you have to move on to looking at Windows Remote Management itself? Has it been setup on the host to actually run, does the firewall have permission to use it or is it restricted, is the listener actually setup properly?
05-23-2023 06:21 AM
This was resolved by giving user account super admin privilage (domain admin ) on AD as last resort.Thank You.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!