CIE User Context on Firewall is flapping between connected and disconnected status with error "tenantId is empty"

CIE User Context on Firewall is flapping between connected and disconnected status with error "tenantId is empty"

511
Created On 08/13/25 11:08 AM - Last Modified 10/30/25 16:36 PM


Symptom


  • User Context for the Cloud Identity Engine provides simplified granular control over the data that is shared across all security devices.
  • This can be deployed by following these instructions.
  • Once configured and enabled, the connection status is flapping between disconnected and connected.
  • System logs (show logs system) report the following error message.
gRPC connection to identity.services-edge.paloaltonetworks.com:443 is broken, error: rpc error: code = Unknown desc = [UploadCUID] [XXXXXXXXXXXX] tenantId is empty

 

PAN-OS Edge Services enabled

 

Environment


  • Cloud Identity Engine (CIE)
  • User Context for User-ID redistribution
  • Strata Firewalls
  • Supported PAN-OS

Cause


The segment is not added to the enrolled device on the CIE Portal User-context.

CIE Edge Services segments

 

Resolution


  1. Add the segments in the User-Context of CIE Portal.
  2. Once added, the status is changed to "connected".
  3. Refer to Cloud Identity Engine User Context for details.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000kA9tKAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail