User-ID stopped populating mappings - OS 4.0.12

Showing results for 
Show  only  | Search instead for 
Did you mean: 

User-ID stopped populating mappings - OS 4.0.12

Not applicable

I am running OS 4.0.12 and have an issu with the user-ID / mappings not populating in the logs. 

show user pan-agent statistics:

IPs      Activity Timer(s) Domain          Index

ncmpdcden01    5009  vsys1   *connected, ok     989    906

651185   21844256 600      ncm             0

show user ip-user-mapping:

IP              Ident. By User                             Idle Timeout (s) Max.

Timeout (s)

Total: 0 users

I read in documentation how to restart the service via the PAN CLI, but the debug user-id, etc command is not available in 4.0.12...  How can I restart the user-id connection?  Or is there a better way to correct this issue?  The PAN service on the DC's have already been restarted.



L5 Sessionator

You can restart the user-id process on the 4.0.12, by restarting the device server.

>debug software restart device-server

Hope that helps.



Will the >debug software restart device-server command impact traffic?

For an HA pair, should this command be executed on each one or just the active?

Just running the command on the Active device should be enough and it should ideally not affect the traffic as device server is a module that belongs to the management plane.

The device server takes care of pushing configuration to the DP, and is also responsible for URL filtering requests/responses, along with handling user id functions. The device server usually comes up real quick after we restart the service. But you can still execute the command after office hours to be on a safer side.

You can execute this command on the active, and the active firewall will synchronize the new information that it learnt after restarting the device server to its peer.

Best regards,


After running the command, I still do not see user ID's populating in the logs, etc.  Any other ideas?

Please try the steps mentioned in these links.

Can you attach the output of the command,

>tail lines 500 mp-log devsrvr.log

Best regards,


L6 Presenter

we had the same issue with panagent before.I cannot be sure if they are the same issue but restarting services and also management plane did not solve our was fixed with reboot completely

I went through the documentation and verified settings, etc.  The agent is connected...  but not reporting any data to populate the user-id in the logs.  Any other suggestions?

Have you tried restarting the user-id service on the machine on which the pan_agent is installed?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!