11-16-2018 08:37 AM
I have the User-ID agent on one of my domain controllers and I have the firewalls set to get the ID from that and it gets some ID's but doesnt seem to get all. So I thought maybe add active directory and exchange server monitoring.
But I get errors in the panorama sysem log that just say connect-server-monitor-failure I set the account to domain admn even to see if it was a permission issue and its still saying this. Is there any way in the PA to get a better error that will give me more detail about why exactly its failing to connect?
11-16-2018 02:29 PM
run 'less mp-log useridd.log' on the CLI and look for the actual error.
11-21-2018 05:44 AM - edited 11-21-2018 05:45 AM
Is your UIA service actually being "ran as" a service account with rights to get logs from the DC? Does the UIA application have the correct service account ID/PW in the application? (BTW if you set the DC for the service account to have the right permissions on the DC that service account doesn't need to be a domain admin...and it's good security practice for it not to.)
If you follow the steps (step by step) on setting up UIA you shouldn't have any issues.
I have 4 UIAs in my environment. Have had them for the past 5 years and haven't run into a problem other than not having the right ID and PW.
Also make sure your UIA version is installed on the right OS platform.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
