Below could be one issue that you are seeing in your environment. USER-ID AGENT GENERATING DCOM AND KERBEROS SYSTEM ERRORS (10036)
Resolution
Issue
The User-ID Agent is generating three different types of system errors:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server. The target name used was **. This indicates that the password used to encrypt the Kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (****), and the client realm. Please contact your system administrator. Event Type: Error Event Source: Kerberos Event Category: None Event ID: 4 Date: 4/5/2012 Time: 10:41:02 AM User: N/A Computer:
DCOM was unable to communicate with the computer 1.1.1.1 using any of the configured protocols. Event Type: Error Event Source: DCOM Event Category: None Event ID: 10009 Date: 4/5/2012 Time: 10:41:02 AM User: N/A Computer:
DCOM was unable to communicate with the computer x.x.x.x using any of the configured protocols; requested by PID 404(C:\Program Files(x86)\Palo Alto Networks\User-ID Agent\UaService.exe).
Level: Error
Source: DistributedDCOM
Task Category: None
Event ID: 10028
Date: 11/22/2014 6:15:15PM
User: SYSTEM
Computer: domainPC.domain.local
Resolution
The DCOM and Kerberos errors could be due to WMI/Client probing for IPs that are not responding. Disabling WMI/Client probing may stop the system error messages. Another option is to test WMI connectivity to computers on the network using the following command from the Windows command prompt:
c:> WMIC/Node:<remote computer> ComputerSystem Get UserName
To turn off WMI probing on the USER-ID agent you can follow this link.