User ID Agent logs display message "Read security log event returns false 1503 for DC"

User ID Agent logs display message "Read security log event returns false 1503 for DC"

2417
Created On 09/06/22 02:31 AM - Last Modified 02/07/25 03:29 AM


Symptom


  • In UaDebug.log, the following error '1503' can be seen.
13:30:41:308[ Info 291]: Read security log event returns false 1503 for DC <Server Name>.
13:30:41:308[Error 922]: Read security log returns error 1 on server <Server Name>.
13:30:41:324[Debug 355]: Event: type="server status" name="<UIA Name>" status="Connecting"
13:30:41:339[Debug 355]: Event: type="server status" name="<UIA Name>" status="Connected"
13:30:41:339[ Info 936]: Re-connect succeeds on DC <Server Name>
  • There are no problems with User-ID features, fetching users/groups from AD/UIA on the firewall.
  • The error starts to happen after upgrading Windows patch to an AD server.

Environment


  • Prisma Access
  • CIE (Cloud Identity Engine)
  • Strata
  • User-ID Agent

Cause


The log message 1503 indicates a problem with insufficient service account privileges.

Resolution


  1. Check the privileges granted to the User ID Agent and provide the correct privileges.
  2. If not resolved, upgrade the Active Directory and User ID Agent servers to the same windows patch level.
  3. If the recent patch upgrade has caused the problem, Rollback to the previous patch.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sYzVCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail