1. >tail follow yes mp-log distributord.log --- to look for error logs
2. if needed, turn on debug or dump level logs
admin@PA-VM-Site-B(active)> debug distributord on XXX
I got these error logs from tech support.
2022-08-01 11:00:55.141 +0800 Error: pan_user_id_agent_open_conn_i(pan_user_id_uia.c:2563): pan_user_id_ssl_conn_open(P xxx.xx.x.xx) failed: Error: Failed to connect to IP xxx.xx.x.x(IP xxx.xx.x.xx):5009
2022-08-01 11:00:55.141 +0800 Error: pan_user_id_agent_uia_show_config(pan_user_id_uia.c:2185): pan_user_id_agent_open_conn(IP xxx.xx.x.xx) failed: Error: Failed to connect to IP xxx.xx.x.xx(IP xxx.xx.x.xx):5009
any ideas how I could fix this? Thanks.
-looks like transmit layer level reachability issue.
-make sure the firewall can reach the destination ip:5009 from the specified source of user-id service.
-take a tcpdump on the management port, then view the pcap:
> tcpdump filter "host X.X.X.X and port 5009"
> view-pcap mgmt-pcap mgmt.pcap
-might as well open a case to PA TAC
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!