Palo Alto Networks Knowledgebase: Agentless User-ID Does Not Retrieve User-IP Mappings and Connection Failures Appear in System Logs

Agentless User-ID Does Not Retrieve User-IP Mappings and Connection Failures Appear in System Logs

6042
Created On 07/29/19 17:23 PM - Last Updated 07/29/19 17:51 PM
User-ID
Resolution

Issue

Agentless User-ID (introduced in PAN-OS 5.0) has been configured on a Palo Alto Networks firewall.  The system logs show "Connection failure" messages against the Domain Controller (DC). Pinging the FQDN of the DC verifies that the IP resolution is correct and the pings are successful.

 

Resolution

Check to make sure the username entered on the firewall for the Active Directory admin account matches the case sensitive format defined in AD. This is the account created to enable the firewall to access the event logs in AD.

 

Ensure that the IP address, not FQDN, is entered when configuring the server monitoring. An IP address should be entered into the Network Address field.
Screen Shot 2013-05-08 at 1.34.35 PM.png

 

owner: sjamaluddin



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clk4CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language