cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

PANOS Integrated UserID with WINRM

L0 Member

Hello,

 

I am trying to configure PANOS(10.1.8) Integrated UserID with Wndows AD 2016 (with Kerberos).

I am getting  "Access Denied" status under User Mapping --Server Monitoring 

I have validated that user is part of below security groups on AD 

  • Distributed COM Users
  • Event Log Readers
  • Remote Management Users
  • Server Operators

 

I see below logs 

 

 Error: pan_user_id_winrm_query(pan_user_id_win.c:2751): failed to connect to winrm server XXXXXX in vsys 1
 Error: pan_user_id_winrm_error(pan_user_id_win.c:2644): HTTP 500: s:Senderw:AccessDeniedAccess is denied. Access is denied.
 Error: pan_user_id_winrm_query(pan_user_id_win.c:2795): Connection failed. response code = 500, error: (null) in vsys 1, server=XXXXXX

 

 

 

Reffered below KB Articles/ links but could not get through.

https://live.paloaltonetworks.com/t5/general-topics/best-way-of-doing-user-id-mapping-wmi-winrm-http...

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VUICA2&lang=en_US%E2%80%A...

 

 

Any inputs will be appreciated. 

 

 

Who Me Too'd this topic