Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

WinRM-HTTP fails with the error 401

L1 Bithead

Hello, I'd like to request some advice on trying to shift away from WMI to WinRM-HTTP/S based User-ID. 


I followed the set-up guide by Palo and User-ID server monitoring is able to connect to the domain controller over WinRM-HTTP, but only every hour. If I set session monitoring to something less than 3600 seconds, each attempt by the user-id service to get data from the DC is registered as the following error:


2022-02-21 23:51:04.488 -0500 Error: pan_user_id_winrm_query(pan_user_id_win.c:2736): failed to connect to winrm server http1 in vsys 1
2022-02-21 23:51:04.488 -0500 Error: pan_user_id_winrm_query(pan_user_id_win.c:2780): Connection failed. response code = 401, error: (null) in vsys 1, server=http1.


Then at the hour from the last successful connect it will connect again and get the data from the DC. So the system logs look like this with session monitor set to 20 minutes:


01:35 - Server monitor connected

01:50 - Server monitor connection failed, HTTP code 401, (null)

02:10 - Server monitor connection failed, HTTP code 401, (null)

02:30 - Server monitor connection failed, HTTP code 401, (null)

02:35 - Server monitor connected

etc etc


Does anyone know if there are more settings that need to be set on the DC that are not in the documentation?

Did not see any logs of use on the DC side that would clarify the issue



Who Me Too'd this topic