TS-Agent problem

L1 Bithead

TS-Agent problem


we ve got a problem with the TS Agent on out terminalserver. After some time the TS Agent doesnt submit new users to the PA Device or the users submitted have a form error. Nomally the syntax is domain\username, but when the error occurs all submitted users have the syntax domain\domain (look at the logs below). Prior to this we can see some events in the logs like "User logoff on session xx with other session still exists". We can solve the problem by restartet the TS Agent... Some ideas? Thx

10/04/11 14:59:55[Info  1840]: User logoff on session 10 with other session still exist. <<-- is this correct?
10/04/11 15:00:06[Dump  1227]: Client thread 0 enum events 1!
10/04/11 15:00:06[Dump  1538]: Client thread 0 recv packet 2.
10/04/11 15:00:06[Dump  1573]: Client thread 0 SSL write msg 39 52 bytes!
10/04/11 15:00:06[Dump  1227]: Client thread 0 enum events 0!
10/04/11 15:00:27[Debug  211]: Session 1 notify type 3(Remote Connect).
10/04/11 15:00:27[Debug  635]: Receive session notify event.
10/04/11 15:00:28[Debug  211]: Session 1 notify type 5(Logon).
10/04/11 15:00:28[Debug  635]: Receive session notify event.
10/04/11 15:00:28[Debug 1669]: Session 1, username wmustermann.
10/04/11 15:00:28[Debug 1678]: Session 1, domain name DOMAIN.
10/04/11 15:00:28[Info  1705]: User DOMAIN\DOMAIN logon again with another session. <<-- wronmg syntax!
10/04/11 15:00:28[Info  1775]: User DOMAIN\DOMAIN logon finishes on session 1. <<-- should be DOMAIN\wmustermann!

PA has 4.05 with newest TS agent x64

Not applicable

-  From the CLI, when the issue is happening, enter the following command from the CLI:show user ts-agent statistics.  Verify that the TS Agent shows connect

- If is it does show that it is connected, then enter the command "show system resources".  Hit the spacebar until you can see "devsrvr" and or "mgmtsrvr".  Verify that the Virtual Memory is  "Not" anywhere near 800m, if either of them is near that number then run the command "debug software restart device-server" or "debug software restart management-server".  After you restart the "management-server", you will need to to log back into the CLI and the WebUI.  This will not affect your user traffic.

- If this does not resolve your issue then call into support and any support engineer will be able to assist you

L1 Bithead

thx fot the answer, I checked the virtual devsrvr/mgmtsvr memory, it is about 200m, so far away from 800m. I think the problem is related to the ts-agent itselt. By restarting the service on the terminal server the problem is solved so far, but reoccurs again after some time.

Like I said, the ts-agent doesnt commit the correct username like DOMAIN/USERNAME instead it commits DOMAIN/DOMAIN to the firewall, what is denied. temporarely I created a task which restarts the agent server every 30 mins, but that cannot be definite solution.

I think the PA supports needs to look at this...

L1 Bithead


Did you ever get this solved. We are experiencing the same issue (running ts agent 4.0.1-86)

I don't know if it is possible to run TS agent 4.1.0-11 against the 4.0.9 PAN-OS. Does anyone know if this is possible ?



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!