02-07-2023 09:24 AM
Hi All,
I have a customer who had an issue with the WMI using agentless User-ID due to Microsoft security update.
We decided to move to Windows User-ID Agent installed on a domain member Windows Server 2016.
PAN OS 10.2.2 and installed agent version 10.2.1-101.
In the Data Redistribution i can see the agent is connected.
Customer found that if failover occurs, the agent is disconnected.
I was able to reproduce this in a lab running the same configuration on VMware.
I tried to upgrade to 10.2.3-hf2 but still the same behavior.
If i run the command "show user user-id-agent config all" on any gateway while secondary is active, i get the following output:
Server error : op command for client useridd timed out as client is not available
When the primary is active, i will get this error only when i run the command on the secondary (passive) gateway. The primary (active) will output the configuration.
If i run the command "show user user-id-agent state all" on the secondary when its passive i get the output:
Cannot get config from agent winsrv_user-id_agent: Error: Failed to connect to 10.10.100.30(10.10.100.30):5007
No User-ID Agent agents in vsys vsys1
This makes sense as it is passive and should not be able to connect. But when the secondary is active, i get only:
No User-ID Agent agents in vsys vsys1
Anyone has any idea regarding this behavior?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
