02-11-2013 11:22 PM
Hi,
I am trying to configure User ID with Active Directory. But stuck with some errors, listed below :
1) Unable to retrieve the Userid IP mapping information from Active Directory (win 2003 Sp2).
2) After installing the User ID Agent and configuring... when i click the commit button in User-ID Agent the Agent is not responding and hanging. (In Win XP professional SP 3)
3) Everytime i press the commit i have to restart the device running User-ID Agent.
4) Even after all this ip and users are not able to fetch from AD it is showing an error "OpenEventLog failed for DC in Active Directory Server"
I am also attaching the screenshots of the error and topology
Can anyone please help me setup the User ID with Active directory or sight a reference for this?
Regards,
Raju Reddy
02-11-2013 11:58 PM
Looking at the logs that you have provided this looks like an access rights issue. The user-id agent should be configured with a DC administrator level username and password, so that when the user-id agent communicates with the windows server then it tries to read the security logs of the server which is possible only with a administrator level account that you have configured on the agent. So please try to change the username and password settings on the user-id agent and provide with a DC admin level account and let us know if you still have any issues.
For your reference, here are some of the documents that can help you in this process.
I hope this helps.
Thanks,
Sandeep T
02-12-2013 08:38 AM
Hi,
The Account that is used on the agent should have the rights to read the security log events from the DC generated by your host when authenticating on the DC. It could be any account but with RIGHTS to read the security events logs. Also in the Services go to User ID agent and log on settings and check if you have the correct account there or not?
Thanks,
Syed R Hasnain
02-17-2013 06:12 AM
Hi,
I am able to login into the AD using the same user account and view the Event Logs...
Please let me know if their is any way to test the user account...
Regards
Raju Reddy
02-17-2013 06:18 AM
Hi,
I have tried the process provided above.
Facing the similar problem...
Please let me know if their are any setting needed in Active Directory.
Regards
Raju Reddy
02-25-2013 09:38 AM
If you've followed the documents provided by sdurga, and still have the same error message in the logs, I would suggest testing with a domain admin account, to see if you've done something wrong when setting the permissions for the account you're using.
02-25-2013 10:06 AM
The account needs to read users & groups as well as the "Manage auditing and security log" privilege.
04-01-2013 02:53 PM
I prefer to not have too many accounts with domain admin; I use the principal of least priviledge in our domain. Therefore, I created a single user called "panuser". I granted it permission in the domain controller GPO to read the DC event logs. I made it a local admin on the server hosting the User ID agent, AND, I set the User ID service to start using that same account. I did this for consistency as I have only one account to deal with if there is a problem. Second, it seemed like not everything worked properly until I did this.
06-23-2021 02:54 PM
I am also having this issue multiple years later, seems like Palo Alto likes to keep consistency. Anyone still helping with this?
06-24-2021 11:57 AM
Me too. I suspect it may have something to do with recent windows patches. I patched the server with the latest MS patch for June 2021 and it broke immediately afterwards.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
