Agentless User-ID Connection to Active Directory Server Not Connected

Agentless User-ID Connection to Active Directory Server Not Connected

75209
Created On 04/11/19 12:15 PM - Last Modified 04/24/19 14:45 PM


Symptom


– Active Directory server configured for Agentless User-ID.
– Server Monitoring connection status shows Not Connected.
– The User-ID logs have the following error message: 
Error: pan_user_id_win_log_query(pan_user_id_win.c:1349): log query for AD-Server failed: NTSTATUS: NT code 0x80041003 - NT code 0x80041003
Error: pan_user_id_win_get_error_status(pan_user_id_win.c:1040): WMIC message from server AD-Server: NTSTATUS: NT code 0x80041003 - NT code 0x80041003

– Service Account created in AD and is a member of below groups:
            - Distributed COM Users
            - Event Log Readers
            - Server Operators

– Shown in the screenshot below, see the "Not Connected" status in the Server Monitoring under Device > User Identification > User Mapping > Server Monitoring:
       User-added image

Environment


PAN-OS
Agentless User-ID

Cause


This could happen when the Enable Remote WMI Access is not allowed for service account.

Resolution


Run "wmimgmt.msc" on the command prompt to open the console and select these properties:
User-added image

From the security tab on the WMI Control Properties:
1.) Select the CIMV2 folder. 
2.) Click Security.
3.) Click Add and then select the service account.
4.) For this account, check both Allow for Enable Account and Remote Enable.
5.) Click Apply.
6.) Then click OK.

User-added image

Additional Information


For additional information on how to configure an agentless User-ID, please reference this article:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGGCA0
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLW6CAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language