- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-17-2012 06:19 AM
Hi,
For no apparent reason my AD account is not generating reliable User->IP mappings via the UserID agent - after working fine for weeks.
As part of my investigations into this I can see that my User->IP map is being generated, appearing on the UserID agent list and being listed on the Palo Alto itself; then it will just disappear from both (I've been able to time it from appearing when I access a mapped drive, to dropping off, at less than 10 seconds).
Logically there must be some mechanism to purge user->IP maps - logoff AD events? - before the configured timeout value, but I can't find any descriptions, or how to diagnose an issue with this.
Anyone else had this issue - or similar?
Ta
03-17-2012 08:02 AM
After some initial investigations, turning OFF 'Server Session Read' in the agents appears to have stopped the unreliable mapping.
This appears to be linked to the Agent removing known maps if they disagree with the info coming back from the server session table. I am concerned that this fixes one problem and will create another, as the long term stability is likely going to be compromised if we cannot rely on the GPO update cycles to maintain the maps.
Does this ring any bells with people - seen it before, know why accurate maps are being removed by the server session tracking function?
Rgds
03-17-2012 08:02 AM
After some initial investigations, turning OFF 'Server Session Read' in the agents appears to have stopped the unreliable mapping.
This appears to be linked to the Agent removing known maps if they disagree with the info coming back from the server session table. I am concerned that this fixes one problem and will create another, as the long term stability is likely going to be compromised if we cannot rely on the GPO update cycles to maintain the maps.
Does this ring any bells with people - seen it before, know why accurate maps are being removed by the server session tracking function?
Rgds
03-22-2012 02:39 PM
Hello,
If you are running a multi-domain environment having 'Server Session Read' enabled can cause unreliable mappings. The reason for this is windows session reading does not contain domain info for the session.
- Stefan
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!