User-ID Agent Connecting Status

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User-ID Agent Connecting Status

L4 Transporter

Hello team

 

 I am facing an issue with User ID and AD .  It continuously stays on connecting... however it seems that some user is assigning. Can someone help me?

 

Alpalo_0-1634631406756.png

Alpalo_1-1634631536035.png

10/19/21 10:47:24:139[ Info 2357]: ------------Service is being started------------
10/19/21 10:47:24:139[ Info 2364]: Os version is 6.2.0.
10/19/21 10:47:24:139[ Info 685]: Load debug log level Info.
10/19/21 10:47:24:139[ Info 699]: IP user mapping sending interval is 100 ms. Add 'SendInterval' with value range [10, 200] under SOFTWARE\Wow6432Node\Palo Alto Networks\User-ID Agent\Log
10/19/21 10:47:24:139[ Info 634]: Service version is 9.1.2.9.
10/19/21 10:47:24:139[ Info 702]: Product version is 9.1.2.
10/19/21 10:47:24:139[ Info 1240]: Found 0 ACL config. 0 processed.
10/19/21 10:47:24:139[ Info 1268]: Found 0 VM info source config. 0 processed.
10/19/21 10:47:24:139[ Info 1276]: Found 0 Syslog Profile(s) config.
10/19/21 10:47:24:139[ Info 1338]: Found 3 server config.
10/19/21 10:47:24:139[ Info 1373]: Found 2 include-exclude networks. 2 processed.
10/19/21 10:47:24:139[ Info 1398]: Found 0 custom log format config.
10/19/21 10:47:24:139[ Info 1405]: No xml element servercert.
10/19/21 10:47:24:139[ Info 148]: Load 8 build-in formats and 0 custom formats for parsing security log.
10/19/21 10:47:24:139[ Info 345]: DC security log and session query threads for server xxxxl(index 0) are started.
10/19/21 10:47:24:139[ Info 345]: DC security log and session query threads for server xxxx(index 1) are started.
10/19/21 10:47:24:139[ Info 345]: DC security log and session query threads for server xxxx(index 2) are started.
10/19/21 10:47:24:139[ Info 799]: Active Directory gets started.
10/19/21 10:47:24:139[ Info 834]: User-ID VM monitor service started.
10/19/21 10:47:24:154[ Info 1313]: Loaded 367 ip user mappings from file (UserIpMap.txt), took 0 seconds
10/19/21 10:47:24:154[ Warn 1237]: Unsupported file format for MachineIpMap.txt. We support ANSI and UTF-8 format.
10/19/21 10:47:24:154[Error 115]: Cannot open security log for DC xxxx - No se admite la operación solicitada.

10/19/21 10:47:24:154[Error 115]: Cannot open security log for DC xxxx - No se admite la operación solicitada.

10/19/21 10:47:24:154[Error 115]: Cannot open security log for DC xxxxl - No se admite la operación solicitada.

 

1 accepted solution

Accepted Solutions

Community Team Member

Hi @Alpalo ,

 

I've seen similar UIA connectivity issues to domain controllers and they were directly related to patch installation.  Have you recently installed CVE patch related to CVE-2021-31958 ?

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Vcg

 

Try setting your debug level to "Debug" level to get more verbose logging information (I think it's currently set to Informational).

 

Cheers,

-Kiwi.

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

View solution in original post

1 REPLY 1

Community Team Member

Hi @Alpalo ,

 

I've seen similar UIA connectivity issues to domain controllers and they were directly related to patch installation.  Have you recently installed CVE patch related to CVE-2021-31958 ?

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Vcg

 

Try setting your debug level to "Debug" level to get more verbose logging information (I think it's currently set to Informational).

 

Cheers,

-Kiwi.

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 1 accepted solution
  • 5269 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!