- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-19-2021 01:19 AM - edited 10-19-2021 02:07 AM
Hello team
I am facing an issue with User ID and AD . It continuously stays on connecting... however it seems that some user is assigning. Can someone help me?
10/19/21 10:47:24:139[ Info 2357]: ------------Service is being started------------
10/19/21 10:47:24:139[ Info 2364]: Os version is 6.2.0.
10/19/21 10:47:24:139[ Info 685]: Load debug log level Info.
10/19/21 10:47:24:139[ Info 699]: IP user mapping sending interval is 100 ms. Add 'SendInterval' with value range [10, 200] under SOFTWARE\Wow6432Node\Palo Alto Networks\User-ID Agent\Log
10/19/21 10:47:24:139[ Info 634]: Service version is 9.1.2.9.
10/19/21 10:47:24:139[ Info 702]: Product version is 9.1.2.
10/19/21 10:47:24:139[ Info 1240]: Found 0 ACL config. 0 processed.
10/19/21 10:47:24:139[ Info 1268]: Found 0 VM info source config. 0 processed.
10/19/21 10:47:24:139[ Info 1276]: Found 0 Syslog Profile(s) config.
10/19/21 10:47:24:139[ Info 1338]: Found 3 server config.
10/19/21 10:47:24:139[ Info 1373]: Found 2 include-exclude networks. 2 processed.
10/19/21 10:47:24:139[ Info 1398]: Found 0 custom log format config.
10/19/21 10:47:24:139[ Info 1405]: No xml element servercert.
10/19/21 10:47:24:139[ Info 148]: Load 8 build-in formats and 0 custom formats for parsing security log.
10/19/21 10:47:24:139[ Info 345]: DC security log and session query threads for server xxxxl(index 0) are started.
10/19/21 10:47:24:139[ Info 345]: DC security log and session query threads for server xxxx(index 1) are started.
10/19/21 10:47:24:139[ Info 345]: DC security log and session query threads for server xxxx(index 2) are started.
10/19/21 10:47:24:139[ Info 799]: Active Directory gets started.
10/19/21 10:47:24:139[ Info 834]: User-ID VM monitor service started.
10/19/21 10:47:24:154[ Info 1313]: Loaded 367 ip user mappings from file (UserIpMap.txt), took 0 seconds
10/19/21 10:47:24:154[ Warn 1237]: Unsupported file format for MachineIpMap.txt. We support ANSI and UTF-8 format.
10/19/21 10:47:24:154[Error 115]: Cannot open security log for DC xxxx - No se admite la operación solicitada.
10/19/21 10:47:24:154[Error 115]: Cannot open security log for DC xxxx - No se admite la operación solicitada.
10/19/21 10:47:24:154[Error 115]: Cannot open security log for DC xxxxl - No se admite la operación solicitada.
10-21-2021 06:55 AM
Hi @Alpalo ,
I've seen similar UIA connectivity issues to domain controllers and they were directly related to patch installation. Have you recently installed CVE patch related to CVE-2021-31958 ?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Vcg
Try setting your debug level to "Debug" level to get more verbose logging information (I think it's currently set to Informational).
Cheers,
-Kiwi.
10-21-2021 06:55 AM
Hi @Alpalo ,
I've seen similar UIA connectivity issues to domain controllers and they were directly related to patch installation. Have you recently installed CVE patch related to CVE-2021-31958 ?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Vcg
Try setting your debug level to "Debug" level to get more verbose logging information (I think it's currently set to Informational).
Cheers,
-Kiwi.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!