User-ID Detection fails after install a second Terminal Server Agent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User-ID Detection fails after install a second Terminal Server Agent

L3 Networker

After installing 10 terminal server agents and 1 PAN-agent on a PA-2050 the appliance cannot connect to any agent.

admin@mi2-pan2> show user pan-agent statistics

Name             IP Address      Port    Vsys        State             Users  Grps  IPs       Activity Cnts Link Speed
----------------------------------------------------------------------------------------------------------------------
issdeploy        192.168.1.13    9995    vsys1       trying to connect 0      0     0         0             fast


admin@mi2-pan2> show user ts-agent statistics

Name             IP Address      Port    Vsys        State             Users  Blocks  Version
-----------------------------------------------------------------------------------------------
ms3-ctx1         10.53.222.31    5009    vsys1       trying to connect 0      0
ms3-ctx2         10.53.222.32    5009    vsys1       trying to connect 0      0
ms3-ctx3         10.53.222.33    5009    vsys1       trying to connect 0      0
ms3-ctx4         10.53.222.34    5009    vsys1       trying to connect 0      0
ms3-ctx5         10.53.222.35    5009    vsys1       trying to connect 0      0
ms3-ctx6         10.53.222.36    5009    vsys1       trying to connect 0      0
ms3-ctx7         10.53.222.37    5009    vsys1       trying to connect 0      0
ms3-ctx8         10.53.222.38    5009    vsys1       trying to connect 0      0
ms3-ctx9         10.53.222.39    5009    vsys1       trying to connect 0      0
ms3-ct10         10.53.222.40    5009    vsys1       trying to connect 0      0

The system says "trying to connect", but it did not, as we can proof with network snifffing.

The system works fine with 1 PAN-agent and 1 TS-agent.

5 REPLIES 5

L4 Transporter

Hello,

I believe this is a bug. Please call into support in order that it can be verified.

thank you,

Stephen

L1 Bithead

Isn't this because you need different port numbers for each agent?

robert.blazye schrieb:

Isn't this because you need different port numbers for each agent?

No, because of the different ip destinations it is not.

After a reboot of the Palo Alto System, all works well.

I was thinking that it was the agent talking to the PAN, but it is the PAN talking to the agent. I'm sure I was originally told that I had to have a unique port number for each agent, be it TS agent or User ID agent.

Reboot was the correct solution

  • 3094 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!