User-ID Agent 8.0 Addressed Issues

Want to know if there are any issues related to the Windows User-ID™ agent 8.0 release that have been addressed?
The following tables list the issues that are fixed in Windows-based User-ID agent 8.0 releases. For new features, associated software versions, known issues, or changes in default behavior, see User-ID Agent 8.0 Release Information.
For recent updates to addressed issues for a given PAN-OS® release, refer to live.paloaltonetworks.com/t5/Articles/Critical-Issues-Addressed-in-PAN-OS-Releases/ta-p/52882.

User-ID Agent 8.0.12 Addressed Issues

IssueDescription
WINAGENT-450
Fixed an issue where the User-ID agent stopped responding after receiving syslog messages when the agent was not configured to receive syslog messages.
WINAGENT-341
Fixed an issue where logs were inundated with warning messages (need to allocate <file-size> bytes for big body). The default User-ID message buffer size is increased from 4,096 bytes to 8,000 bytes.

User-ID Agent 8.0.11 Addressed Issues

IssueDescription
WINAGENT-363
Fixed a restart issue with the User-ID agent where the User-ID agent process unexpectedly restarted a second time during an event that required a restart.

User-ID Agent 8.0.10 Addressed Issues

IssueDescription
WINAGENT-354
Fixed an issue where the User-ID agent service stopped responding and caused the Windows-based User-ID agent to stop responding during a commit.
WINAGENT-343
Fixed an issue where the User-ID credential agent failed to recognize users that were included in the Domain Users group after adding the group to the Allowed RODC Password Replication Group. With this fix, the group ID is correctly added to the LDAP query and the agent correctly recognizes users in the Domain Users group.
WINAGENT-207
Fixed an issue where, after an upgrade to User-ID agent 8.0, the username value included the date and time information instead of only the username.

User-ID Agent 8.0.9 Addressed Issues

IssueDescription
WINAGENT-355
Fixed an issue where a firewall integrated with the AirWatch Mobile Device Manager (MDM) for GlobalProtect couldn't process Host Information Profile (HIP) reports that it received from the Windows-based User-ID agent.
WINAGENT-312
Fixed an issue where the Windows-based User-ID agent stopped responding after it connected to a Novell eDirectory server.
WINAGENT-304
Fixed an issue where the User-ID credential service couldn't initiate password replication for users whose common name (CN) contained a comma (",") or equal ("=") character followed by a space.

User-ID Agent 8.0.8 Addressed Issues

IssueDescription
WINAGENT-244
Fixed an issue where the Windows-based User-ID agent didn’t detect users whose account name (sAMAccountName) contained a dollar ($) character that wasn't at the end of the name.

User-ID Agent 8.0.7 Addressed Issues

IssueDescription
WINAGENT-314
Fixed an issue where the Windows-based User-ID agent overrode usernames with machine names in IP address-to-username mappings.

User-ID Agent 8.0.6 Addressed Issues

IssueDescription
WINAGENT-263
Fixed an issue where starting the Windows-based User-ID agent caused CPU and memory usage to spike on the host server. On a host server with less than 4GB of RAM, the spike caused the User-ID agent to lose connectivity.
WINAGENT-206
Fixed an issue where the Windows-based User-ID service displayed a credentials error when an administrator tried to Commit changes after another administrator configured a password for the User-ID agent on the same Windows server.
WINAGENT-163
As an enhancement for collecting information about AirWatch-managed endpoints, the Host Information Profile (HIP) data that Windows-based User-ID agents send to the GlobalProtect gateway now include the endpoint compliance status (compliant, non-compliant, or not available) and ownership information (employee owned, corporate-dedicated, or corporate-shared).
WINAGENT-58
Fixed an issue where the Properties dialog (Windows) for the UaController.exe file displayed the incorrect file version.

User-ID Agent 8.0.5 Addressed Issues

IssueDescription
WINAGENT-243
Fixed an issue on the Windows-based User-ID agent where the MDM integration service for VMware AirWatch stopped running while processing large host information profile (HIP) reports. With this fix, the MDM integration service supports HIP reports of up to 50KB; when necessary, GlobalProtect truncates the applications list to ensure the report size remains within the maximum size.
WINAGENT-224
Fixed an issue where firewalls running PAN-OS 6.1 could not connect to Windows-based User-ID agents 8.0.4 and earlier versions because the agents did not allow TLSv1.0 connections. With this fix, Windows-based User-ID agents 8.0.5 and later versions allow TLSv1.0 connections with firewalls running PAN-OS 6.1.
WINAGENT-220
Fixed an issue where the firewall incorrectly blocked URLs due to a higher than expected rate of false positives when users entered non-corporate passwords to access websites after you configured the Windows-based User-ID agent to detect credential submissions (User IdentificationSetupEditCredentials).

User-ID Agent 8.0.4 Addressed Issues

IssueDescription
WINAGENT-34
Fixed an issue where the Windows User-ID agent allowed weak ciphers for SSL/TLS connections. With this fix, the Windows User-ID agent allows only the following ciphers for SSL/TLS connections:
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-ECDSA-AES128-SHA256
  • DHE-RSA-AES256-SHA256
  • DHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES256-SHA
  • ECDHE-ECDSA-AES256-SHA
  • ECDHE-RSA-AES128-SHA
  • ECDHE-ECDSA-AES128-SHA
  • DHE-RSA-AES256-SHA
  • DHE-RSA-AES128-SHA
  • AES256-SHA256
  • AES256-SHA
  • AES128-SHA256
  • AES128-SHA

User-ID Agent 8.0.3 Addressed Issues

IssueDescription
WINAGENT-141
Fixed an issue where the MDM integration service of the Windows-based User-ID agent rejected connections from the MDM event notification service when you did not configure the IP address of the MDM event notification service as a Permitted IP address (MDM IntegrationSetupPermitted IP).
PAN-68824
Fixed an issue where the Windows-based User-ID agent performed IP address-to-username mapping for user accounts that were in the Ignore User list (ignore_user_list.txt).

User-ID Agent 8.0.2 Addressed Issues

IssueDescription
WINAGENT-142
Fixed an issue where the Test Connection option for the MDM integration service returned a Test Failed message even when the integration service successfully connected to the AirWatch MDM service (MDM IntegrationSetupTest Connection).
WINAGENT-122
Fixed an issue where the Windows-based User-ID agent frequently reset its connection with a syslog sender, causing the sender to generate numerous connection failure logs and associated alerts.
WINAGENT-65
Fixed an issue where, when the PAN-OS XML API sent user mappings with no timeout value to a Windows-based User-ID agent, the agent set the mappings timeout to never instead of applying the User Identification Timeout setting.

User-ID Agent 8.0.1 Addressed Issues

IssueDescription
WINAGENT-133
Fixed an issue where the Windows-based User-ID agent had a memory leak while running the MDM Integration Service.
WINAGENT-109
Fixed an issue where the Windows-based User-ID agent attempted to access the certificate store on the agent even when hashes match, which caused authentication to fail even for matching hashes if the certificate store on the agent was inaccessible.
WINAGENT-90
Fixed an issue where a Windows-based User-ID Agent running the MDM Integration Service failed during startup due to a Windows module fault and required a restart.

User-ID Agent 8.0.0 Addressed Issues

IssueDescription
PAN-60400
Fixed an issue where the username displayed as a concatenated string (username+IP address) when learned from the User-ID agent instead of through the firewall. With this fix, the username displays correctly (without IP address).

Related Documentation