User ID agents showing as red


L3 Networker

I have 3 separate domains on my network and they are not trusted together.  On my main domain where the firewall is installed the agent shows green, however when I install the agent under the remote domains (on different subnets across the country) the icon is red.  The settings match my 2 main domain controllers that are working.  When I look at the remote DCs they are reading the log files.  Also port 5007 is reachable from the outside.  Any thoughts on why they aren't connecting?  I am not seeing any details as to why.


L5 Sessionator


Try to configure a different port for each agent on your palo

AD1 - port 5007

AD2 - port 5008

AD3 - port 5009

and of course be sure that your palo is able to contact each of your agent 🙂 through the management interface by default

Should solve your issue


I am using the Windows agent (not the one on the PAN) are you suggesting that I change the port on my remote DCs?


no, just in both palo (device / User Identification / User-IDAgent) and on each agent, just the communication port. No change on the AD


I have the agents running on my remote domain controllers.  I changed to port 5008 on a remote domain controller (where the agent is running) and to 5008 on the PAN.  Still showing red.

sure that communication on port 5008 is possible from management interface on the palo and your remote AD ?

No FW on the AD ?

Which PA model ?

Which version on the PA ?

Which version on the agent ?


I can ping between management interface and remote DCs and open a telnet session to the remote agent ports.  I am running a 3020 with version 5.0.5.  Also the agent is the latest 5.0.4-5

Please run

show user user-id-agent state Name-Agent

show user user-id-agent statistics



        Status: not-conn:idle(Error: Failed to connect to User-ID-Agent at

        num of connection tried                           : 75

        num of connection succeeded                 : 0

        num of connection failed                          : 75

REMOTESVR1    5009  vsys1   not-conn:Connecting 0

Either something is blocked between management and remote agent (something in logs ?) or it's a bug then contact your local SE.

