This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Windows User-ID Agent Access is denied

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Windows User-ID Agent Access is denied

jonathanb
L1 Bithead

‎05-30-2023 04:16 PM

I'm setting up User-ID.

 

  1. i have a windows server 2012r2 domain controller, and a windows server 2019 domain member for the agent software.
  2. I have configured a service account with user rights assignment to allow logon as a service on the agent host.  i have configured permissions to the install directory and to the registry key for the software.
  3. I have added the account to the Event Log Readers and Distributed COM Users groups.
  4. I have created a firewall rule on the DC to allow all connections from the agent host server.

The debug logs indicate that OpenEventLog failed.

0 Likes Likes
3 REPLIES 3

S.Cantwell
Cyber Elite
Cyber Elite

‎06-12-2023 12:31 PM

Hello there

 

This has been well documented since Aug 2019 (or 2020) when MS decided to release a patch that no longer allows the agentless UserID agent to function, and MS servers respond back with Access Denied.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkkfCAA&lang=en_US%E2%80%A...

 

Please de provision the agentless version, and instead, utilize either than StandAlone UserID agent (can be downloaded from their support site) or consider toward cloud based authentication, using PANW CIE (Cloud Identity Engine)

 

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-new-features/identity-features/cloud-identity-e...

Help the community: Like helpful comments and mark solutions
0 Likes Likes

jonathanb
L1 Bithead
In response to S.Cantwell

‎06-12-2023 01:15 PM

Thanks.  If it wasn't clear, the windows agent host is in use because i'm using the windows agent.

0 Likes Likes

S.Cantwell
Cyber Elite
Cyber Elite

‎06-15-2023 05:55 AM

Thank you.  I guess I did miss that important detail.
As a test, can you try installation and implementation as a Domain Admin account (just for confirmation)

If this works fine, then you know that this is a permission issue on the AD side and not from the PANW UserID agent side.

Usually, this becomes the root cause of errors.

Please advise.

Help the community: Like helpful comments and mark solutions
0 Likes Likes
  • 4264 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks