This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

User-ID Agent Connecting Status

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User-ID Agent Connecting Status

Go to solution
Alpalo
L4 Transporter

‎10-19-2021 01:19 AM - edited ‎10-19-2021 02:07 AM

Hello team

 

 I am facing an issue with User ID and AD .  It continuously stays on connecting... however it seems that some user is assigning. Can someone help me?

 

Alpalo_0-1634631406756.png

Alpalo_1-1634631536035.png

10/19/21 10:47:24:139[ Info 2357]: ------------Service is being started------------
10/19/21 10:47:24:139[ Info 2364]: Os version is 6.2.0.
10/19/21 10:47:24:139[ Info 685]: Load debug log level Info.
10/19/21 10:47:24:139[ Info 699]: IP user mapping sending interval is 100 ms. Add 'SendInterval' with value range [10, 200] under SOFTWARE\Wow6432Node\Palo Alto Networks\User-ID Agent\Log
10/19/21 10:47:24:139[ Info 634]: Service version is 9.1.2.9.
10/19/21 10:47:24:139[ Info 702]: Product version is 9.1.2.
10/19/21 10:47:24:139[ Info 1240]: Found 0 ACL config. 0 processed.
10/19/21 10:47:24:139[ Info 1268]: Found 0 VM info source config. 0 processed.
10/19/21 10:47:24:139[ Info 1276]: Found 0 Syslog Profile(s) config.
10/19/21 10:47:24:139[ Info 1338]: Found 3 server config.
10/19/21 10:47:24:139[ Info 1373]: Found 2 include-exclude networks. 2 processed.
10/19/21 10:47:24:139[ Info 1398]: Found 0 custom log format config.
10/19/21 10:47:24:139[ Info 1405]: No xml element servercert.
10/19/21 10:47:24:139[ Info 148]: Load 8 build-in formats and 0 custom formats for parsing security log.
10/19/21 10:47:24:139[ Info 345]: DC security log and session query threads for server xxxxl(index 0) are started.
10/19/21 10:47:24:139[ Info 345]: DC security log and session query threads for server xxxx(index 1) are started.
10/19/21 10:47:24:139[ Info 345]: DC security log and session query threads for server xxxx(index 2) are started.
10/19/21 10:47:24:139[ Info 799]: Active Directory gets started.
10/19/21 10:47:24:139[ Info 834]: User-ID VM monitor service started.
10/19/21 10:47:24:154[ Info 1313]: Loaded 367 ip user mappings from file (UserIpMap.txt), took 0 seconds
10/19/21 10:47:24:154[ Warn 1237]: Unsupported file format for MachineIpMap.txt. We support ANSI and UTF-8 format.
10/19/21 10:47:24:154[Error 115]: Cannot open security log for DC xxxx - No se admite la operación solicitada.

10/19/21 10:47:24:154[Error 115]: Cannot open security log for DC xxxx - No se admite la operación solicitada.

10/19/21 10:47:24:154[Error 115]: Cannot open security log for DC xxxxl - No se admite la operación solicitada.

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
kiwi
Community Team Member

‎10-21-2021 06:55 AM

Hi @Alpalo ,

 

I've seen similar UIA connectivity issues to domain controllers and they were directly related to patch installation.  Have you recently installed CVE patch related to CVE-2021-31958 ?

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Vcg

 

Try setting your debug level to "Debug" level to get more verbose logging information (I think it's currently set to Informational).

 

Cheers,

-Kiwi.

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

View solution in original post

1 REPLY 1

Go to solution
kiwi
Community Team Member

‎10-21-2021 06:55 AM

Hi @Alpalo ,

 

I've seen similar UIA connectivity issues to domain controllers and they were directly related to patch installation.  Have you recently installed CVE patch related to CVE-2021-31958 ?

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Vcg

 

Try setting your debug level to "Debug" level to get more verbose logging information (I think it's currently set to Informational).

 

Cheers,

-Kiwi.

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 1 accepted solution
  • 4144 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks