User ID credential phishing service does not work on Full Domain controller
Created On 03/05/19 17:34 PM - Last Modified 03/13/21 03:35 AM
Symptom
The User-ID credential service does not work on a full domain controller.
Environment
- PAN-OS 8.0 and above.
- Palo Alto Firewall.
- Windows Server 2012 R2 / Windows Server 2016 or 2019.
Cause
- The User-ID credential service add-on is not able to read the data from the cache of a full domain controller.
- Unlike a read-only domain controller (RODC), where the details are pulled from the cache, a full domain controller (DC) does not store this data.
Resolution
For the User-ID credential phishing agent to work correctly, it has to be installed on a read-only domain controller.
Additional Information
Configure Credential Detection with the Windows User-ID Agent
Note: Error messages can be seen in the User-ID agent folder on the domain controller. Check the "UaCredDebug" log for the message "Error: Unable to extract credentials".
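The following PowerShell check is an added example, not vendor code: it confirms whether the host running the agent is a read-only domain controller and counts occurrences of the error above in the UaCredDebug log. The function name and the `-AgentFolder` parameter are assumptions; pass the folder where the User-ID agent is installed. It requires the ActiveDirectory module.

```powershell
# Added diagnostic example, not vendor code.
# Assumption: -AgentFolder is the User-ID agent folder on this domain controller.
function Test-UserIdCredentialHost {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$AgentFolder
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    # IsReadOnly is $true only when this host is an RODC.
    $dc = Get-ADDomainController -Identity $env:COMPUTERNAME -ErrorAction Stop

    # The article names the log "UaCredDebug"; the wildcard covers whatever
    # extension or rotation suffix the file carries on disk.
    $logs = @(Get-ChildItem -Path $AgentFolder -Filter 'UaCredDebug*' -File `
                            -ErrorAction SilentlyContinue)

    $hits = @()
    if ($logs.Count -gt 0) {
        $hits = @($logs | Select-String -SimpleMatch `
                                        -Pattern 'Unable to extract credentials')
    }

    [pscustomobject]@{
        Host            = $dc.HostName
        IsReadOnlyDC    = $dc.IsReadOnly
        LogFilesFound   = $logs.Count
        ExtractErrors   = $hits.Count
        LastError       = if ($hits.Count -gt 0) { $hits[-1].Line } else { $null }
        # True when the symptom matches this article: the agent is on a
        # full DC and the log shows the extraction error.
        MatchesThisCase = (-not $dc.IsReadOnly) -and ($hits.Count -gt 0)
    }
}

# Example call (placeholder path, replace with the real agent folder):
# Test-UserIdCredentialHost -AgentFolder '<User-ID agent folder>'
```

If `MatchesThisCase` is true, the resolution above applies: move the agent to a read-only domain controller.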