04-24-2017 10:47 AM
About a month ago, I upgraded PAN-OS on our main PA-3050 HA cluster from 7.0.8 to 7.1.8. This also required an update of the User ID Agent I had installed on a Windows 2012 R2 server from a 6.0.x version to a 7.0.x version; I upgraded to version 7.0.7-13.
I've started to receive reports that some individuals are seeing the captive portal and a request for authentication when visiting websites on the Internet several times a day. I actually experienced this myself for the first time today. Other than the upgrades, no other User ID configuration changes have been made and my behavior using my work computer wasn't really any different than any other day.
I checked the PAN firewall connection to the User ID Agent and it was fine. I also have the PAN firewalls configured to connect to domain controllers and Exchange servers at a remote site using the built-in Server Monitoring and all of those are reporting as Connected as well.
Is anyone one else having a similar issue or can anyone help me troubleshoot this issue?
04-24-2017 12:06 PM
I have 100% of AD DS servers and Exchange servers added in either the User ID agent or the agentless connection from the firewalls themselves.
04-24-2017 02:54 PM
was it working for a while and then went to the portal? it may be that the association timed out and a WMI probe or a security related event didn't occur within that timeout time frame.
04-26-2017 05:54 AM - edited 04-26-2017 07:15 AM
Yes, it works for awhile and then the captive portal appears. I understand about the security event in the AD security logs, but what I don't understand is why it suddenly started happening to people more frequently than it used to. We haven't made any PAN-related User ID configuration changes in PAN-OS or on the User ID agent nor have made any significant changes to our workstations that would possibly explain why timeouts occur faster or why authentication events aren't appearing in AD as frequently as they used to.
Also, here are our various User ID settings related to repeating processes and timeouts:
04-26-2017 07:42 AM
I upgraded from 7.0.13 to 7.1.7 and I have tons of problems with USERID on the 7.1.x code. I had two tickets open and they opened two bugs for me. One of the problems was the useridd was crashing every several minutes. This was causing me all kinds of problems with userid including portal problems. They claimed my bugs were fixed in 7.1.9, but I'm sticking on the 7.0.x code for now.
08-29-2022 05:30 AM - edited 08-29-2022 05:32 AM
After updating firewalls and panorama to version 10.1.6-h6 the captive portal requires authentication at all times.
I don't know how the problem is related to the user agent version since it hasn't been changed.
Also after the version implementation it seems that there is now a token and we are no longer able to open the captive portal page via the URL.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!