Hoping someone else has run into this. I have been implementing UID redistribution in our PAN environment. I've stumbled across a few firewalls that will not establish a connection on port 5007, once the UID service is moved off of the default Mgmt interface (yes, appropriate firewall rules are in place). The system logs spit out an error like this:
User-ID Agent datacenter_redist_1(vsys1): Error: Failed to Connect to xxx.xxx.xxx.xxx(source: xxx.xxx.xxx.xxx), SSL error: error:00000000:lib(0):func(0):reason(0)(5) details: none
I was able to replicate this in the lab and found the error might be related to failover to the PASSIVE firewall. Upon failover I found this in the useridd.log:
Error: pan_ssl_conn_open(pan_ssl_utils.c:755): pan_tcp_sock_open() to xxx.xxx.xxx.xxx port 5007 failed; errno=150
Any ideas or suggestions would be appreciated.
Did you resolve this issue ?
I am getting the same issue.
Error: pan_user_id_agent_open_conn_i(pan_user_id_uia.c:2556): pan_user_id_ssl_conn_open(192.168.26.249) failed: Error: Failed to Connect to 192.168.26.249(source: 192.168.26.200), SSL error: error:00000000:lib(0):func(0):reason(0)(5)
I ran into the same issue about 2 months ago. I restarted the userid process on one of my UserID box and that addressed the issue, that pair was using content update older than 8507. After that I upgraded all the UserID redist firewall newer content (>8507), I don't have that same issue again. Can you check if the firewall content release version is newer than 8507?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!