Windows User-ID Agent Access is denied

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows User-ID Agent Access is denied

L1 Bithead

I'm setting up User-ID.

 

  1. i have a windows server 2012r2 domain controller, and a windows server 2019 domain member for the agent software.
  2. I have configured a service account with user rights assignment to allow logon as a service on the agent host.  i have configured permissions to the install directory and to the registry key for the software.
  3. I have added the account to the Event Log Readers and Distributed COM Users groups.
  4. I have created a firewall rule on the DC to allow all connections from the agent host server.

The debug logs indicate that OpenEventLog failed.

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello there

 

This has been well documented since Aug 2019 (or 2020) when MS decided to release a patch that no longer allows the agentless UserID agent to function, and MS servers respond back with Access Denied.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkkfCAA&lang=en_US%E2%80%A...

 

Please de provision the agentless version, and instead, utilize either than StandAlone UserID agent (can be downloaded from their support site) or consider toward cloud based authentication, using PANW CIE (Cloud Identity Engine)

 

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-new-features/identity-features/cloud-identity-e...

Help the community: Like helpful comments and mark solutions

Thanks.  If it wasn't clear, the windows agent host is in use because i'm using the windows agent.

Cyber Elite
Cyber Elite

Thank you.  I guess I did miss that important detail.
As a test, can you try installation and implementation as a Domain Admin account (just for confirmation)

If this works fine, then you know that this is a permission issue on the AD side and not from the PANW UserID agent side.

Usually, this becomes the root cause of errors.

Please advise.

Help the community: Like helpful comments and mark solutions
  • 2676 Views
  • 3 replies
  • 0 Likes
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!