This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About MEDOCHEMIE
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About MEDOCHEMIE
05-09-2023
3Posts
0Likes
0Solutions
May 09, 2023Last Visited
User
Activity
User
Profile
Latest posts by MEDOCHEMIE
| Subject | Views | Posted |
|---|---|---|
| 664 | 02-01-2023 09:48 PM | |
| 1832 | 02-01-2023 03:28 AM | |
| 752 | 12-26-2022 01:40 PM |
User Badges
Community Statistics
| Member Since | 10-27-2022 01:48 AM |
| Date Last Visited | 05-09-2023 02:47 AM |
| Posts | 3 |
02-01-2023
09:48 PM
Hi @TomYoung,
unfortunately i did not find something that will work in our case.
We don't want to disable AgentLess UserID nor to perform the reg hacks for DCOM access.
WinRM-HTTPS with Kerberos should have been working natively according to PaloAlto.
There is something else messing which i cannot find it.
... View more
02-01-2023
03:28 AM
We have change to "WinRM over HTTPS with Kerberos" and we are still getting the event log error :
The server-side authentication level policy does not allow the user Domain\userid SID (S-XXXXXXXXXXXXXXXXXXXXXXX) from address FW_INTERNAL_IP to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
What could be still active?
... View more
12-26-2022
01:40 PM
trying to establish S2S VPN between Palo Alto 850 and Checkpoint SMB
Certificate based authentication (MS enterprise CA)
The ikev2 is complaining :
====> Initiated SA: XXX.XXX.XXX.XXX[500]-YYY.YYY.YYY.YYY[500] SPI:dcb4c37f6f955782:0898ce67edab9913 SN:8962 <==== 2022-12-26 23:34:49.355 +0200 [PWRN]: { 4: }: XXX.XXX.XXX.XXX[500] - YYY.YYY.YYY.YYY[500]:0x19961dc0 ignoring unauthenticated notify payload (NAT_DETECTION_SOURCE_IP) 2022-12-26 23:34:49.355 +0200 [PWRN]: { 4: }: XXX.XXX.XXX.XXX[500] - YYY.YYY.YYY.YYY[500]:0x19961dc0 ignoring unauthenticated notify payload (NAT_DETECTION_DESTINATION_IP) 2022-12-26 23:34:49.363 +0200 [INFO]: { 4: }: build IKEv2 CR payload[0]: 'CN=ABC Root CA' 2022-12-26 23:34:49.363 +0200 [INFO]: { 4: }: build IKEv2 CR payload[1]: 'CN=ABC Issuing CA 1,DC=ABC,DC=local' 2022-12-26 23:34:49.363 +0200 [INFO]: { 4: }: build IKEv2 CR payload[2]: 'O=AA:SS:AA:SS:AA:SS..8d67yo' 2022-12-26 23:34:49.394 +0200 [INFO]: { 4: }: cert received: subject=CN=CPGW 2022-12-26 23:34:49.394 +0200 [INFO]: { 4: }: cert received: issuer=CN=ABC Issuing CA 1,DC=ABC,DC=local[ee?] 2022-12-26 23:34:49.394 +0200 [INFO]: { 4: }: CR 'CN=ABC Issuing CA 1,DC=ABC,DC=local' received, trust CA founABCCA1 2022-12-26 23:34:49.397 +0200 [PERR]: RSA_verify failed: 0:error:04091068:rsa routines:int_rsa_verify:bad signature:crypto/rsa/rsa_sign.c:228: 2022-12-26 23:34:49.397 +0200 [PERR]: Invalid SIG. 2022-12-26 23:34:49.397 +0200 [PERR]: { 4: }: XXX.XXX.XXX.XXX[500] - YYY.YYY.YYY.YYY[500]:0xffcc0f19a0 authentication failure 2022-12-26 23:34:49.397 +0200 [INFO]: { 4: }: XXX.XXX.XXX.XXX[500] - YYY.YYY.YYY.YYY[500]:0xffcc0f19a0 authentication result: failure 2022-12-26 23:34:49.397 +0200 [INFO]: { 4: }: XXX.XXX.XXX.XXX[500] - YYY.YYY.YYY.YYY[500]:(nil) closing IKEv2 SA CPGW-Site:8962, code 15 2022-12-26 23:34:49.397 +0200 [PNTF]: { 4: }: ====> IKEv2 IKE SA NEGOTIATION FAILED AS RESPONDER, non-rekey; gateway CPGW-Site <==== ====> Failed SA: XXX.XXX.XXX.XXX[500]-YYY.YYY.YYY.YYY[500] SPI:dcb4c37f6f955782:0898ce67edab9913 SN 8962 <====
I could not find something specific for the RSA_verify , Invalid SIG.
Any thoughts what could be the issue?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-09-2023
02:47 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks