05-29-2013 10:18 AM
We have been using the User-ID Agent and it has been working for over a year. On the 17th, the PAN stopped populating the traffic log with the user-id information. The Agent is working fine (user ids show up in the monitor) and the PAN is connecting to the Agent, but no user information is showing up. I have checked through the config logs, and nothing has been changed besides some reverse NAT rules. There were server updates done at the same time (Microsoft security updates) so that could be the issue, but I thought I would throw it out to the community to see if anyone else has had this happen to them recently. I am using ver 4.1.6.
05-29-2013 10:39 AM
Hi,
It would help to look at the Uadebug log file in the User-id Directory for any errors.
Also, there are some known issues with UIA version 4.1.6 regarding the ip-mappings being dropped on the firewall.
Thanks,
Aditi
05-29-2013 10:54 AM
I have checked the debug log on the Agent and everything looks fine. What is strange is that everything has been working for over a year.
05-30-2013 02:33 AM
Hi,
If all the info seems to be OK on the agent and you are able to see the user/IP mapping, then look on the PA: show user ip-user-mapping all
Is there any info?
No means the PAN has no user info in memory => either a bug in the PAN or a communication issue between the agent and the PAN.
Yes means the mapping is OK. Are you sure that nobody (everybody has a ghost on his network) disabled user identification on your Zone?
Rgds
V.
06-03-2013 12:15 PM
Just as an update.
I have been in contact with TAC with no joy so far. The PAN shows the userID for a very small fraction of the connections where it used to show the userid for all connections. I have been asked to upgrade to the newest software to see if that resolves the issue.
06-05-2013 11:01 PM
You might want to triple check that you have all domain controllers listed in the User-ID agent(s). We had our systems admins add a new domain controller without telling the firewall admins and noticed similar strange results. Tech support did not think to check for that but once we added in the new DC everything cleared up.
06-10-2013 06:11 AM
Thanks for the reply. I did check that all of the domain controllers were added. I even tried removing the configs for user-id and re-adding them with no success.
06-10-2013 06:46 AM
I noticed a similar issue with a newly installed device. Our problem came down to the network Zone not having the "Enable User Identification" flag set. So perhaps double check and make sure that hasn't gotten cleared on any of your network zones?
And what was your output from running show user ip-user-mapping all at the command line?
06-10-2013 07:59 AM
We have verified that "Enable User Identification" flag is set for the zones in question (and have disabled and re-enabled them).
show user ip-user-mapping all is blank.
01-15-2014 02:57 PM
Worked with TAC. After a FW restart, the User Agent started working again.
01-15-2014 03:01 PM
That is very interesting. So this means at last we may try restarting FW to solve problems...
Thanks for update.
01-05-2022 11:29 AM
If the issue is intermittent, restart the management server:
debug software restart process management-server