User-ID Agent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User-ID Agent

L2 Linker

I have the User-ID agent on one of my domain controllers and I have the firewalls set to get the ID from that and it gets some ID's but doesnt seem to get all. So I thought maybe add active directory and exchange server monitoring. 

 

But I get errors in the panorama sysem log that just say connect-server-monitor-failure I set the account to domain admn even to see if it was a permission issue and its still saying this. Is there any way in the PA to get a better error that will give me more detail about why exactly its failing to connect?

 

2 REPLIES 2

Cyber Elite
Cyber Elite

run 'less mp-log useridd.log' on the CLI and look for the actual error. 

Is your UIA service actually being "ran as" a service account with rights to get logs from the DC?  Does the UIA application have the correct service account ID/PW in the application?  (BTW if you set the DC for the service account to have the right permissions on the DC that service account doesn't need to be a domain admin...and it's good security practice for it not to.)

 

If you follow the steps (step by step) on setting up UIA you shouldn't have any issues.  

 

I have 4 UIAs in my environment.  Have had them for the past 5 years and haven't run into a problem other than not having the right ID and PW.

 

Also make sure your UIA version is installed on the right OS platform.

  • 2424 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!