User-ID Agent Service Account Locked out Intermittently

User-ID Agent Service Account Locked out Intermittently

Created On 09/26/18 13:51 PM - Last Modified 02/07/19 23:40 PM



The User-ID Agent 5.0.6 service account is getting locked out intermittently, causing traffic to be denied on the Palo Alto Networks firewall due to the Deny All Rule. The intermittent lock out of User-ID Agent service account happens within 1 to 4 weeks of the installation.



The possible cause is improper installation of User-ID Agent and account/registry/directory privileges not set correctly.



Follow the steps below:

  1. Verify the User-ID Agent service account is not being used by another service
  2. Configure a dedicated service account for the User-ID Agent
  3. Change User-ID Agent service account password to a simpler password using no special characters
  4. If the above steps do no resolve the issue, uninstalled User-ID Agent' completely and deleted the installation directory, then reinstalled new version 6.0 
    Issue fixed
    Note: Reinstall the User-ID Agent on the servers referencing instructions from the following document:  User Identification Initial Setup


owner: jlunario

  • Print
  • Copy Link

Choose Language