Commit Error: Need to Config WMI Account and Password for Querying Microsoft Directory Servers. Commit Failed

Commit Error: Need to Config WMI Account and Password for Querying Microsoft Directory Servers. Commit Failed

78915
Created On 09/26/18 13:50 PM - Last Modified 07/07/25 19:13 PM


Symptom


The following error is encountered when trying to commit:

VSYS1

  Error: Need to config WMI account and password for querying Microsoft directory servers

Commit failed

Environment


  • PaloAlto Firewalls
    • User-id environment 

Cause


  • Commit errors

Resolution


Enter the WMI account information and commit the changes:

  1. Go to Device > User Identification > User Mapping
  2. Click the icon next to Palo Alto Networks User-ID Agent Setup
  3. Select WMI Authentication, as shown below:
    Capture.PNG
  4. Specify the WMI account and password here.
    This is a user account that exists on the user's domain that has the ability to read the security logs from domain controllers on the user's network.
  5. Commit to apply the changes.

 

This will allow a successful connection to the server, as shown below:

Capturehj.PNG

Additional WMI configuration can also be found on the “Device > user identification > User mapping > Server monitoring > User identification monitored server > Transport protocol” section of the config, pls see screenshot below for reference

If still experiencing incorrect permissions, refer to the following documents as the user needs to have permissions to have access to the WMI API on Windows:

 

owner: jlala
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsrCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language