Agentless User-ID Connection to Active Directory Server Not Connected
81642
Created On 04/11/19 12:15 PM - Last Modified 12/23/24 09:47 AM
Symptom
– Active Directory server configured for Agentless User-ID.
– Server Monitoring connection status shows Not Connected.
– The User-ID logs have the following error message:
Error: pan_user_id_win_log_query(pan_user_id_win.c:1349): log query for AD-Server failed: NTSTATUS: NT code 0x80041003 - NT code 0x80041003
Error: pan_user_id_win_get_error_status(pan_user_id_win.c:1040): WMIC message from server AD-Server: NTSTATUS: NT code 0x80041003 - NT code 0x80041003
– A service account has been created in AD and is a member of the following groups:
- Distributed COM Users
- Event Log Readers
- Server Operators
– The screenshot below shows the "Not Connected" status in Server Monitoring under Device > User Identification > User Mapping > Server Monitoring:
Environment
- NGFW
- Supported PAN-OS
- Agentless User-ID
Cause
This can happen when Remote Enable WMI access has not been granted to the service account, so the firewall's remote WMI log query is rejected even though the account is in the correct groups.
Resolution
Run "wmimgmt.msc" from the command prompt to open the WMI Control console and open its Properties.
On the Security tab of the WMI Control Properties dialog:
1.) Select the CIMV2 folder.
2.) Click Security.
3.) Click Add and then select the service account.
4.) For this account, check Allow for both Enable Account and Remote Enable.
5.) Click Apply.
6.) Then click OK.
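As an added example, not part of this KB article: an elevated PowerShell script that reads the DACL of the root\cimv2 namespace through the __SystemSecurity object, reports whether the service account holds the Enable Account and Remote Enable rights the steps above set by hand, and, only when run with -Grant, appends an Allow ACE carrying just those two rights. The account name CONTOSO\svc-userid is a placeholder; substitute your own service account.

```powershell
# Added example (not from the KB article): check, and optionally grant, the WMI
# namespace rights Agentless User-ID needs. Run in an elevated PowerShell on the DC.
param(
    [string]$Account   = 'CONTOSO\svc-userid',   # placeholder service account
    [string]$Namespace = 'root\cimv2',
    [switch]$Grant                               # without -Grant the script only reports
)

# WMI namespace access-mask bits (wbemcli.h)
$WBEM_ENABLE        = 0x1     # "Enable Account"
$WBEM_REMOTE_ACCESS = 0x20    # "Remote Enable"
$Required = $WBEM_ENABLE -bor $WBEM_REMOTE_ACCESS

# Resolve the account to a SID so the ACE comparison does not depend on name formatting
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# Read the namespace security descriptor via the __SystemSecurity singleton
$get = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
if ($get.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed: $($get.ReturnValue)" }
$sd = $get.Descriptor

# Effective rights = union of the account's Allow ACEs; Deny ACEs are reported separately
$allow = 0; $deny = 0
foreach ($ace in $sd.DACL) {
    if ($ace.Trustee.SIDString -ne $sid) { continue }
    if ($ace.AceType -eq 0) { $allow = $allow -bor $ace.AccessMask }   # ACCESS_ALLOWED_ACE_TYPE
    if ($ace.AceType -eq 1) { $deny  = $deny  -bor $ace.AccessMask }   # ACCESS_DENIED_ACE_TYPE
}
$missing = $Required -band -bnot $allow
Write-Host ("{0} on {1}: EnableAccount={2} RemoteEnable={3} DeniedMask=0x{4:X}" -f $Account, $Namespace,
    (($allow -band $WBEM_ENABLE) -ne 0), (($allow -band $WBEM_REMOTE_ACCESS) -ne 0), $deny)

if ($missing -eq 0 -or -not $Grant) { return }

# Append an Allow ACE with only the two required bits (least privilege: no Full Write,
# Partial Write, Provider Write, Read Security or Edit Security).
$trustee = ([wmiclass]'Win32_Trustee').CreateInstance()
$trustee.Domain, $trustee.Name = $Account.Split('\', 2)
$trustee.SIDString = $sid
$ace = ([wmiclass]'Win32_Ace').CreateInstance()
$ace.AccessMask = $Required
$ace.AceFlags   = 0      # this namespace only; 0x2 (CONTAINER_INHERIT_ACE) would cover sub-namespaces
$ace.AceType    = 0      # ACCESS_ALLOWED_ACE_TYPE
$ace.Trustee    = $trustee.psobject.ImmediateBaseObject
$sd.DACL = @($sd.DACL) + @($ace.psobject.ImmediateBaseObject)
$set = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name SetSecurityDescriptor `
           -ArgumentList $sd.psobject.ImmediateBaseObject
if ($set.ReturnValue -ne 0) { throw "SetSecurityDescriptor failed: $($set.ReturnValue)" }
Write-Host "Granted Enable Account + Remote Enable to $Account on $Namespace"
```

After granting, re-run the script without -Grant to confirm the rights took effect, then recheck the Server Monitoring status on the firewall.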
Additional Information
For additional information on how to configure an agentless User-ID, please reference this article:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGGCA0