I'm setting up User-ID.
The debug logs indicate that OpenEventLog failed.
This has been well documented since Aug 2019 (or 2020) when MS decided to release a patch that no longer allows the agentless UserID agent to function, and MS servers respond back with Access Denied.
Please de provision the agentless version, and instead, utilize either than StandAlone UserID agent (can be downloaded from their support site) or consider toward cloud based authentication, using PANW CIE (Cloud Identity Engine)
Thank you. I guess I did miss that important detail.
As a test, can you try installation and implementation as a Domain Admin account (just for confirmation)
If this works fine, then you know that this is a permission issue on the AD side and not from the PANW UserID agent side.
Usually, this becomes the root cause of errors.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!