cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

PAN-OS User-ID Issue and Workaround

L2 Linker

I upgraded to PAN-OS 10.0 yesterday and encountered an unusual bug when pushing out a config to my 3220.  I opened a case, but figured I would post it here as well, but don't expect screenshots.

 

Symptom:

 

After the Panorama upgrade a commit to the 3220 was giving the following error:

 

Need to config WMI account and password for querying Microsoft directory servers

 

If I switch to WinRM-HTTP(s) I got similar error but referring to missing dns name.

 

Observations:

 

After some digging and after verifying I was not crazy and Panorama had the username, password and domain name, I removed the server monitors and was able to push a config.  A quick look on the firewall I noticed that the server monitoring account as empty, and appears that panorama is not pushing the settings correctly.  Firewalls run 9.1.3 currently.

 

Workaround: 

 

To resolve the issue, I overrode the User-ID settings on the firewall and added the account info, and just have Panorama pushing the the servers to monitor.  This resolved the issue in my case, but does leave that overrode setting that still needs to be addressed.

 

Hopefully this helps somebody in case you have the same problem, or if you have another solution to fix the override I would like to hear that.

Who Me Too'd this topic