User ID Agent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

User ID Agent

L3 Networker

I have a problem where the user id Agent is reporting the wrong user to an IP.

For example, user a is 10.1.1.5 and has id test1

Sometimes user b with an id of test 2 shows up with 10.1.1.5 which is not accurate, if I do a show user Ip mapping it shows test 1 is mapped to 10.1.1.5 and test 2 is mapped to a 10.2.2.5.

These are example IP's.


What is happening user A is being mis identified so blocked applications are allowed throught.  If i show session ID on 10.1.1.5 for skype it shows user id test2, but all other Session IDS show test1 as the user.

10 REPLIES 10

L5 Sessionator

markk96

Could you verify if there is any service running on that machine (10.1.1.5) that might be using the login of user test 2 ?

Also check the domain controller eventvwr security logs related to user test2.

I have 24 user id agents deployed in remote agents all reporting back to the firewall.

I only see user ID 2 on the firewall in the skype application traffic that I am trying to block to user ID1.

User ID 1 is in a totally different office location about 400 miles apart than user ID 2.  User ID2 has never traveled and gotten an IP address from the User ID office location.

L3 Networker

I will also say this is happening to multiple users.

markk96,


Even though the users are in different locations, It could be possible that the machine (10.1.1.5) is a shared resource that can be accessed from multiple locations by many users.

This could explain why the issue might be occurring with multiple users.


Thanks

No that is not the case.  Thanks.

L6 Presenter

have you fixed the issue ?

how many dc do you have ?

any agents are installed on dc ?

L3 Networker

This is a problem with SKYPE and the way the Palo ID's users.

very interesting, user-id not working properly only for Skype.

better to open a case I think.

Controlling Skype

See page 4.

Yes I have seen page 4, skype is using other clients as a proxy via the supernode option.  I have a case open with support and not much success, this is why we abandoned the PALO for blocking skype and controlling it with group policy on the ad domain.  This works better.

  • 5777 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!