This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Upgrade DCs to W2019 stop working Palo Alto agentless

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Upgrade DCs to W2019 stop working Palo Alto agentless

BigPalo
L4 Transporter

‎03-13-2025 02:39 AM

Hi,

 

We upgraded all ours DCs to W2019server and now the Palo Alto can not monitor the users. We use Agentless UserID.

 

So how can we fix it? 

0 Likes Likes
5 REPLIES 5

TomYoung
Cyber Elite
Cyber Elite

‎03-13-2025 04:14 AM

Hi @BigPalo ,

 

You may be running into this issue -> https://live.paloaltonetworks.com/t5/general-topics/user-identification-and-winrm-on-http/m-p/481674.

 

There is no fix to my knowledge for WMI.  For me, configuring WinRM-HTTP or HTTPS was too complicated, and migrating to the Windows User-ID agent was easy.  https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/map-ip-addresses-to-users/configu...

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

BPry
Cyber Elite
Cyber Elite

‎03-13-2025 02:49 PM

@BigPalo,

WinRM-HTTPS isn't that difficult to setup, but it is dependent on some back-end configuration that you're environment may or may not already be setup to utilize depending on how you're managing your Windows fleet. Personally the change took minutes to get configured, but it was primarily because WinRM was already setup and properly configured.

There are benefits of using the agent instead of agentless, but in general I personally find it a bit overkill for simple environments. Which method is utilized in deployments personally tends to be more of a conversation about the working dynamic between the server operations group and the group managing the firewall. Agentless is a bit more set and forget if those groups are confrontational versus maintaining the agent. 

0 Likes Likes

BigPalo
L4 Transporter
In response to BPry

‎03-17-2025 05:18 AM

The PanOS version is 9.1.x. Its a device in EoS. So i dont know if that has anything to do with Windows 2019.

Why stop working upgrading to W2019 DCs?  What is the change? Its documented?

0 Likes Likes

TomYoung
Cyber Elite
Cyber Elite

‎03-17-2025 07:23 AM

Hi @BigPalo ,

 

Here is the PAN-OS documentation.  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkkfCAA

 

What probably happened is that your previous servers did not have the patch.  MS announced that this security fix will be built into future releases.  You can find more details by following the 1st URL trail I posted.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

BigPalo
L4 Transporter
In response to TomYoung

‎03-17-2025 08:25 AM

Its possible to rollback the patch to work? Doing WinRM is quite annoying

0 Likes Likes
  • 587 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks