User-ID not populating after Microsoft patching - Warning

cancel
Showing results for 
Search instead for 
Did you mean: 

User-ID not populating after Microsoft patching - Warning

Cyber Elite
Cyber Elite

Hello All,

Just wanted to post this in case anyone else ran into it. Microsoft release patches as they normally do, however there is one that might break user-id, June 8, 2021—KB5003671 (Monthly Rollup). There is a warning in the notes: 

 

After installing this or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain legacy Event Logging APIs. You might receive an error when attempting to connect.

 

Link to notes and patch: https://support.microsoft.com/en-us/topic/june-8-2021-kb5003671-monthly-rollup-a1359a77-3932-46f9-8c...

 

What they are saying is if the server that hosts user-id is patched and the server that the user-id agent reaches out to is not, it might not connect.

 

In our case we are monitoring Exchange, gets patched manually and the server that hosts the user-id agent gets patches automatically. So our solution was to install the user-id agent onto the Exchange server to get us going in the short term. You'll have to add the agent to the PAN's and make sure security policies are updated as applicable.

 

Hope this can help someone.

 

Cheers!

1 REPLY 1

Cyber Elite
Cyber Elite
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!