User ID and AD

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User ID and AD

L2 Linker

Hi,

I am trying to configure User ID with Active Directory. But stuck with some errors, listed below :

1) Unable to retrieve the Userid IP mapping information from Active Directory (win 2003 Sp2).

2) After installing the User ID Agent and configuring... when i click the commit button in User-ID Agent the Agent is not responding and hanging.  (In Win XP professional SP 3)

3) Everytime i press the commit i have to restart the device running User-ID Agent.

4) Even after all this ip and users are not able to fetch from AD it is showing an error "OpenEventLog failed for DC in Active Directory Server"

I am also attaching the screenshots of the error and topology

Can anyone please help me setup the User ID with Active directory or sight a reference for this?

Regards,

Raju Reddy

rajureddy@datacipher.net

10 REPLIES 10

L6 Presenter

Looking at the logs that you have provided this looks like an access rights issue.  The user-id agent should be configured with a DC administrator level username and password, so that when the user-id agent communicates with the windows server then it tries to read the security logs of the server which is possible only with a administrator level account that you have configured on the agent. So please try to change the username and password settings on the user-id agent and provide with a DC admin level account and let us know if you still have any issues.

For your reference, here are some of the documents that can help you in this process.

I hope this helps.

Thanks,
Sandeep T

Hi,

The Account that is used on the agent should have the rights to read the security log events from the DC generated by your host when authenticating on the DC. It could be any account but with RIGHTS to read the security events logs. Also in the Services go to User ID agent and log on settings and check if you have the correct account there or not?

Thanks,

Syed R Hasnain

Hi,

I am able to login into the AD using the same user account and view the Event Logs...

Please let me know if their is any way to test the user account...

Regards

Raju Reddy

Hi,

I have tried the process provided above.

Facing the similar problem...

Please let me know if their are any setting needed in Active Directory.

Regards

Raju Reddy

Not applicable

Facing exactly the same issue. can some one help?

If you've followed the documents provided by sdurga, and still have the same error message in the logs, I would suggest testing with a domain admin account, to see if you've done something wrong when setting the permissions for the account you're using.

The account needs to read users & groups as well as the "Manage auditing and security log" privilege.

Not applicable

I prefer to not have too many accounts with domain admin; I use the principal of least priviledge in our domain.  Therefore, I created a single user called "panuser".  I granted it permission in the domain controller GPO to read the DC event logs.  I made it a local admin on the server hosting the User ID agent, AND, I set the User ID service to start using that same account.  I did this for consistency as I have only one account to deal with if there is a problem.  Second, it seemed like not everything worked properly until I did this.

L0 Member

I am also having this issue multiple years later, seems like Palo Alto likes to keep consistency. Anyone still helping with this?

Me too. I suspect it may have something to do with recent windows patches. I patched the server with the latest MS patch for June 2021 and it broke immediately afterwards.

  • 10226 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!