Agentless User-ID Connection to Active Directory Server Not Connected

Agentless User-ID Connection to Active Directory Server Not Connected

42161
Created On 04/11/19 12:15 PM - Last Modified 04/24/19 14:45 PM


Symptom
– Active Directory server configured for Agentless User-ID.
– Server Monitoring connection status shows Not Connected.
– The User-ID logs have the following error message:
Error: pan_user_id_win_log_query(pan_user_id_win.c:1349): log query for AD-Server failed: NTSTATUS: NT code 0x80041003 - NT code 0x80041003
Error: pan_user_id_win_get_error_status(pan_user_id_win.c:1040): WMIC message from server AD-Server: NTSTATUS: NT code 0x80041003 - NT code 0x80041003

– Service Account created in AD and is a member of below groups:
            - Distributed COM Users
            - Event Log Readers
            - Server Operators

– Shown in the screenshot below, see the "Not Connected" status in the Server Monitoring under Device > User Identification > User Mapping > Server Monitoring:
       User-added image


Environment
PAN-OS
Agentless User-ID


Cause
This could happen when the Enable Remote WMI Access is not allowed for service account.

Resolution
Run "wmimgmt.msc" on the command prompt to open the console and select these properties:
User-added image

From the security tab on the WMI Control Properties:
1.) Select the CIMV2 folder. 
2.) Click Security.
3.) Click Add and then select the service account.
4.) For this account, check both Allow for Enable Account and Remote Enable.
5.) Click Apply.
6.) Then click OK.

User-added image


Additional Information
For additional information on how to configure an agentless User-ID, please reference this article:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGGCA0


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000PLW6&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkCSArticleDetail

Attachments
Choose Language