Hi All,
I have a customer who had an issue with WMI using agentless User-ID due to a Microsoft security update.
We decided to move to the Windows User-ID Agent installed on a domain member Windows Server 2016.
PAN-OS 10.2.2 and installed agent version 10.2.1-101.
In the Data Redistribution I can see the agent is connected.
Customer found that if failover occurs, the agent is disconnected.
I was able to reproduce this in a lab running the same configuration on VMware.
I tried to upgrade to 10.2.3-hf2 but still the same behavior.
If I run the command "show user user-id-agent config all" on any gateway while the secondary is active, I get the following output:
Server error : op command for client useridd timed out as client is not available
When the primary is active, I will get this error only when I run the command on the secondary (passive) gateway. The primary (active) will output the configuration.
If I run the command "show user user-id-agent state all" on the secondary when it's passive, I get the output:
Cannot get config from agent winsrv_user-id_agent: Error: Failed to connect to 10.10.100.30(10.10.100.30):5007
No User-ID Agent agents in vsys vsys1
This makes sense as it is passive and should not be able to connect. But when the secondary is active, I get only:
No User-ID Agent agents in vsys vsys1
Does anyone have any idea regarding this behavior?