The monitored users displays duplicate device_name /location for multiple users in Strata Cloud manager Monitor Users report.

The monitored users displays duplicate device_name /location for multiple users in Strata Cloud manager Monitor Users report.

3348
Created On 12/30/23 03:44 AM - Last Modified 03/11/25 23:27 PM


Symptom


  • The Monitor > Users section on the Strata cloud manager shows the user states who are connected by Global Protect along with the experience score.
  • The report exported for current users and devices shows duplicate device_name  for multiple users even when they are different physical machines and unique usernames.Duplicate device_name
  • As seen in the screenshot above, the device_name is duplicated for multiple users. 
  • This only happens for users who are monitored by ADEM. 
  • The same behaviour can be observed for user locations as well. 
  • This is observed only for Windows users. 

 

Environment


  • ADEM (Autonomous Digital Experience Management) monitored users. 
  • Strata Cloud manager Monitor > Users section.
  • Prisma Access for users.
  • Windows OS only. 

Cause


  • This happens due to identical/duplicate windows GUID (globally unique identifier) on the users side.  
  • The ADEM retrieves the hostname/device_name and other attributes based on the unique GUID received when the DEM agent is installed.
  • The expectation is that all the users should have unique GUID. 
  • Duplicate GUID's can be created when the machines OS is cloned during deployment.

Resolution


  1. Work with the IT team to make sure the all the windows machines have unique GUID.
  2. Once the GUID is unique, Disable the ADEM user experience for the impacted users (this will uninstall the DEM agent for them)
  3. Once done, Enable it again from portal to install the DEM agent again and the new data should show correct unique device_names instead of duplicates.
  4. Refer to this guide to enable/Disable ADEM. 

Additional Information


  • There is no issue here on the Cloud manager or ADEM agent. 
  • The windows GUID is expected to be unique and is a OS installation/deployment or OS Vendor issue.
  • This is also documented in ADEM known issue release notes here . (Search for DEM-3992)
  • To find out and confirm if the Windows GUID is same in unique users, Collect the GlobalProtect logs
  • Extract the compressed log bundle and open log file "palo_alto_networks_dem_agent.log
  • Search for uuid in the logs which will be the GUID obtained from the client. If they are same for 2 unique users, then the above scenario would be applicable. 
[2023-12-24 15:12:31.706] [default] [info] Received inbound message:
  SeqNum 923697
  MsgId 24201 (unknown)
  Flags 64
  Payload: {"user":"user@customer.com","groups":[],"groupsTimestamp":1703419964}
[2023-12-24 15:12:32.855] [default] [info] Serialised message:
  MsgId: 24001 (MSGIDS_AGENT_STARTUP_REQUEST)
  SeqNum: 14097
  Payload: {
 "utcTime": "20231224-12:12:31.554+180",
 "version": "4.0.11",
 "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-yyyyyyyyyyyy",  <<<<<<. (Masked on purpose) 
 "accountId": 4661,
 "network": {
  "wlans": [
   {
    "active": true,
    "ssid": "user_name",
    "minRx": 173300,
    "rx": 173300,
    "maxRx": 173300,
    "minTx": 173300,
    "tx": 173300,
    "maxTx": 173300,


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008WNCCA2&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language