Server monitoring status flapping between "Access denied" and "Connected" when using WinRM protocol

Created On 03/15/23 18:00 PM - Last Modified 07/27/23 20:25 PM


Symptom


  • Connection status flaps between "Access denied" and "Connected" intermittently under firewall WebUI: Device > User Identification > User Mapping > Server Monitoring.
 
  • Similar messages are also seen in the useridd.log (less mp-log useridd.log).
> less mp-log useridd.log
-0700 Error:  pan_user_id_winrm_query(pan_user_id_win.c:2795): Connection failed. response code = 500, error: (null) in vsys 1, server=SRV.lab.local.
-0700 Error:  pan_user_id_winrm_query(pan_user_id_win.c:2751): failed to connect to winrm server SRV.lab.local in vsys 1
-0700 Error:  pan_user_id_winrm_error(pan_user_id_win.c:2644): HTTP 500: s:Receiverw:InternalErrorThe WS-Management service cannot process the request. The WMI service returned an 'access denied' error. 
200 The WS-Management service cannot process the request. The WMI service returned an 'access denied' error. HRESULT 0x8033810400182150859012HRESULTThe WS-Management service cannot process the request. The WMI service returned an 'access denied' error.
 


Environment




Cause


This is caused by the Enable Session option being checked under WebUI: Device > User Identification > User Mapping > Server Monitor.



Resolution


  1. Disable Enable Session by unchecking the option on WebUI: Device > User Identification > User Mapping.
  2. If this option is enabled, the dedicated service account needs to be a member of the built-in Server Operator group to read server sessions.
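
To confirm which monitored servers show the WMI 'access denied' response quoted under Symptom, for example before and after unchecking Enable Session, an exported useridd.log can be summarized per server. This is an added example, not Palo Alto Networks code; the function names, the timestamp prefix, the host DC2.lab.local and the rule that attributes an error line to the preceding query failure are assumptions.

```python
import re
from collections import defaultdict

# Patterns follow the useridd.log lines quoted under Symptom.
QUERY_FAIL = re.compile(
    r"pan_user_id_winrm_query\([^)]*\): Connection failed\. response code = "
    r"(?P<code>\d+),.* in vsys (?P<vsys>\d+), server=(?P<server>\S+?)\.?$")
WMI_DENIED = re.compile(
    r"pan_user_id_winrm_error\([^)]*\): HTTP \d+:.*"
    r"WMI service returned an 'access denied' error")

def summarize(lines):
    """Count HTTP 500 query failures and WMI denials per (server, vsys)."""
    stats = defaultdict(lambda: {"http_500": 0, "wmi_access_denied": 0})
    last_key = None
    for raw in lines:
        line = raw.rstrip()
        m = QUERY_FAIL.search(line)
        if m:
            last_key = (m["server"], int(m["vsys"]))
            if m["code"] == "500":
                stats[last_key]["http_500"] += 1
        elif WMI_DENIED.search(line) and last_key is not None:
            # Assumption: the error line names no server, so it is attributed
            # to the most recent query failure, as in the article's excerpt.
            stats[last_key]["wmi_access_denied"] += 1
    return dict(stats)

def wmi_denied_servers(stats):
    """Servers whose failures carry the WMI 'access denied' text."""
    return sorted(k for k, v in stats.items() if v["wmi_access_denied"])

# Constructed sample: timestamps and DC2.lab.local are made up.
TS = "2023-03-15 10:00:0{} -0700 Error:  "
Q = ("pan_user_id_winrm_query(pan_user_id_win.c:2795): Connection failed. "
     "response code = 500, error: (null) in vsys 1, server={}.")
E = ("pan_user_id_winrm_error(pan_user_id_win.c:2644): HTTP 500: The "
     "WS-Management service cannot process the request. The WMI service "
     "returned an 'access denied' error.")
SAMPLE = [
    TS.format(1) + Q.format("SRV.lab.local"), TS.format(1) + E,
    TS.format(5) + Q.format("DC2.lab.local"),  # HTTP 500 without WMI denial
    TS.format(7) + Q.format("SRV.lab.local"), TS.format(7) + E,
]

if __name__ == "__main__":
    for (server, vsys), counts in summarize(SAMPLE).items():
        print(server, "vsys", vsys, counts)
```

A server that keeps appearing in `wmi_denied_servers` after the change still has session reads failing for the service account.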

