Credential Phishing Protection troubleshooting


L1 Bithead

hey community - 

 

Tearing my hair out here... I've set up an RODC in my environment and added a test group to the allowed password replication group. I've configured the user and credential agents on the RODC and they say connected to my firewall, and also successfully connect to the other DCs. I can see my user-to-IP mapping for my test account. On the firewall I've created a User-ID agent that shows connected as well.

However, show user credential-filter statistics shows zero entries. I'm also seeing this in the User-ID logs:

 UIA CredentialChecking error: credential enabled but no digest.

 

What am I missing here?  thanks for any advice!!

11 REPLIES

L4 Transporter

Dear @Laura_Penhallow

were you able to find a solution for your problem?

Best Regards
Chacko

Hi Chacko42, 

I should have replied here when I solved this particular issue. For the benefit of others (I don't think this is documented anywhere yet), the versions of the Credential & User-ID agents have to be equal to or less than the PAN-OS on the firewalls doing the checking.

thanks for pinging here and reminding me! 🙂

L3 Networker

Hi, found your post and wondered if you could point me in the right direction.

 

Trying to implement this as well in our environment. 

I have built an RODC and installed both programs.


Running PAN-OS version 8.1.7

 

I am running into some problems though.

The User-ID agent runs as a service. At first via the Local System Account, but if you configure it to run with a dedicated account it wants to run the service with this account.

 


Although the account is configured to run-as-a-service in the default domain policy, it throws an error when you start the service.

 


I have used the following instructions to set this up

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/prevent-credential-phish...

 

Are there any additional instructions that I need to follow to implement this correctly on a RODC (Server 2012R2)?

 

Remko

 

 

L1 Bithead

Hey Remko,

 

Have you tried walking down your version at all? I'm not running 8.1 at the edge just yet - and I'm wondering if there are bugs in the 8.1 versions? I'm running 8.0.10 right now for both agents - but I'm interested to know if it's versioning since I'm headed to 8.1 on the border firewalls really soon.

 

let me know what you think? 

Laura
