Failed to get response "Response = 404 Not Found" when configuring Cloud Identity Engine to pull the groups

• Unable to retrieve the groups
• dscd.log shows an error below

14:26:33 {"level":"error","time":"xxxx-11-01T14:26:33.613058648-05:00","message":"Failed to fetch(FULL) group cn=gdn_network_engineering_and_operations,ou=roles,ou=guardian,ou=eas,ou=organizational units,dc=ds,dc=vanderbilt,dc=edu"}
14:26:33 {"level":"error","time":"xxxx-11-01T14:26:33.708904249-05:00","message":"Failed to get response for Query : {\"tenantId\":\"8057536396163086008\",\"domain\":\"ds.vanderbilt.edu\",\"useNormalizedAttrs\":\"true\",\"onlyDomainSearch\":\"false\",\"attrs\":[\"SAM Account Name\",\"User Principal Name\",\"Mail\",\"WhenChanged\"],\"filter\":{\"type\":\"group\",\"level\":\"recursive\",\"name\":{\"attrName\":\"Name\",\"attrValue\":\"cn=gdn_vec_sos,ou=roles,ou=guardian,ou=eas,ou=organizational units,dc=ds,dc=vanderbilt,dc=edu\",\"match\":\"equal\"}},\"page\":{\"pageNum\":1,\"pageSz\":1000}}. Response = 404 Not Found "}

• Cloud Identity Engine
• Palo Alto Networks Firewall

Mismatch of configuration of Group Attributes and the corresponding Security Policy.

1. Verify the configuration of the Group Attributes under GUI: Device > User Identification > Cloud Identity Engine > Group Attributes and the corresponding Security Policy.
2. A mismatch between these configurations can result in a 404 Not Found error.

Example:

1. If the Group Name is configured as “Name” under Group Attributes, but the Security Policy references the DN instead of the group name, the firewall will return a 404 Not Found error.
2. To resolve, update the Security Policy to use the group name instead of the DN.
3. This will resolve the mismatch and clear the error.