Problems users with Windows 10 and User ID agent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Problems users with Windows 10 and User ID agent

L4 Transporter

Hello,

 

I need your help with the following scene:
I have some machines with Windows 10 Operative System and I have detected a problem with the PA Firewall. The Firewall is not detecting the user (UIA), so the policy rules are denying the access.

Panos firewall: 7.1.4
User Id Agent version: 7.0.4-5

I have machines with Windows 7 SO and I don't have any navigation problem.

According to release information of 7.0.7-13 or earlier (User-ID Agent), the Windows 10 OS is not compatible. And the Release information of 8.0.0-42 does not specify whether W10 is supported or not.

Could anyone help me? Does anyone know if 8.0.0-42 User ID Agent or other version is compatible?

 

Thanks and regards,

COS

1 accepted solution

Accepted Solutions

L4 Transporter

Hello all,

 

At the end, we disabled WMI and the problem was resolved. At the moment, we are working only with UIA and all devices working properly.

 

Thanks for your support.

 

Regards 

View solution in original post

10 REPLIES 10

L6 Presenter

That's going to be a big deal for me...thanks for the heads up.  My company is in the midst of upgrading all our clients to Win10.

 

--edit--

 

The OS compatibility is where the UIA itself can be loaded onto, not necessarily what OS of clients the UIA can detect.

 

I'd think as long as you're not changing the DC logs are being captured from it shouldn't be a problem.

 

 

Also, it might not be working (perhaps) if you were relying on WMI or NTLM querying of the end hosts?

Does anyone know what the timeline for 2016 AD server support is in UIA?

L3 Networker

I'm a little confused by your post. I have probably about 6000-8000 Windows 10 Pro machines in my environment now, and we have no issues. We have Windows 2012 R2 as domain controllers and I have UserID Agent running on a Windows 2012 R2 server, and I have no problems detecting who is logged into my Windows 10 machines from the domain security logs.

-Brad

Hi 

 

And what firewall, PanOs version and UserId agent version do you have installed?

 

best regards

 

COS

I've been running this same setup for several years, but right now

 

UIA 7.0.7-13 running on Windows 2012 R2 Server against 2012 R2 domain controllers in 2012 R2 fuctional level.

 

5050's in Active/Standby running 7.0.14

5060's in Active/Standby running 7.0.14

 

-Brad

Hi

 

I'm waiting for the end-customers answer. He used both ServerMonitoring and User-Id agent for user mapping, but didn't specified where the Windows10 users are mapped.

 

I'll kept you both informed. Thanks for your time

 

COS

I'll just throw in that I have a pretty good number of Windows 10 clients as well and I've not seen any issues getting the userids to come across. 

I'm just using Windows server monitor and I don't do any types of client probing as I have 30,000+ machines and it's just not reasonable to probe that many machines. We have a mix of Windows 7, 8.1 and 10 machines and as long as they authenticate to the domain we have no issues reading the user mapping from the domain security logs.

 

When I originally set this up it didn't work because I was not auditing the proper events on my domain controllers and I had problems with the ID dropping and had to set the cache to 1 minute more than my Group Policy refresh time, so I have my cache set to 121 minutes as I notice when the GPO refreshes it trips an event in the security log.

-Brad

This is question that needs a statement.

L4 Transporter

Hello all,

 

At the end, we disabled WMI and the problem was resolved. At the moment, we are working only with UIA and all devices working properly.

 

Thanks for your support.

 

Regards 

  • 1 accepted solution
  • 7646 Views
  • 10 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!