User-ID Agent 8.0 Addressed Issues

Want to know if there are any issues related to the Windows User-ID™ agent 8.0 release that have been addressed?
The following tables list the issues that are fixed in Windows-based User-ID agent 8.0 releases. For new features, associated software versions, known issues, or changes in default behavior, see User-ID Agent 8.0 Release Information.
For recent updates to addressed issues for a given PAN-OS® release, refer to

User-ID Agent 8.0.12 Addressed Issues

Fixed an issue where the User-ID agent stopped responding after receiving syslog messages when the agent was not configured to receive syslog messages.
Fixed an issue where logs were inundated with warning messages (need to allocate <file-size> bytes for big body). The default User-ID message buffer size is increased from 4,096 bytes to 8,000 bytes.

User-ID Agent 8.0.11 Addressed Issues

Fixed a restart issue with the User-ID agent where the User-ID agent process unexpectedly restarted a second time during an event that required a restart.

User-ID Agent 8.0.10 Addressed Issues

Fixed an issue where the User-ID agent service stopped responding and caused the Windows-based User-ID agent to stop responding during a commit.
Fixed an issue where the User-ID credential agent failed to recognize users that were included in the Domain Users group after adding the group to the Allowed RODC Password Replication Group. With this fix, the group ID is correctly added to the LDAP query and the agent correctly recognizes users in the Domain Users group.
Fixed an issue where, after an upgrade to User-ID agent 8.0, the username value included the date and time information instead of only the username.

User-ID Agent 8.0.9 Addressed Issues

Fixed an issue where a firewall integrated with the AirWatch Mobile Device Manager (MDM) for GlobalProtect couldn't process Host Information Profile (HIP) reports that it received from the Windows-based User-ID agent.
Fixed an issue where the Windows-based User-ID agent stopped responding after it connected to a Novell eDirectory server.
Fixed an issue where the User-ID credential service couldn't initiate password replication for users whose common name (CN) contained a comma (",") or equal ("=") character followed by a space.

User-ID Agent 8.0.8 Addressed Issues

Fixed an issue where the Windows-based User-ID agent didn’t detect users whose account name (sAMAccountName) contained a dollar ($) character that wasn't at the end of the name.

User-ID Agent 8.0.7 Addressed Issues

Fixed an issue where the Windows-based User-ID agent overrode usernames with machine names in IP address-to-username mappings.

User-ID Agent 8.0.6 Addressed Issues

Fixed an issue where starting the Windows-based User-ID agent caused CPU and memory usage to spike on the host server. On a host server with less than 4GB of RAM, the spike caused the User-ID agent to lose connectivity.
Fixed an issue where the Windows-based User-ID service displayed a credentials error when an administrator tried to Commit changes after another administrator configured a password for the User-ID agent on the same Windows server.
As an enhancement for collecting information about AirWatch-managed endpoints, the Host Information Profile (HIP) data that Windows-based User-ID agents send to the GlobalProtect gateway now include the endpoint compliance status (compliant, non-compliant, or not available) and ownership information (employee owned, corporate-dedicated, or corporate-shared).
Fixed an issue where the Properties dialog (Windows) for the UaController.exe file displayed the incorrect file version.

User-ID Agent 8.0.5 Addressed Issues

Fixed an issue on the Windows-based User-ID agent where the MDM integration service for VMware AirWatch stopped running while processing large host information profile (HIP) reports. With this fix, the MDM integration service supports HIP reports of up to 50KB; when necessary, GlobalProtect truncates the applications list to ensure the report size remains within the maximum size.
Fixed an issue where firewalls running PAN-OS 6.1 could not connect to Windows-based User-ID agents 8.0.4 and earlier versions because the agents did not allow TLSv1.0 connections. With this fix, Windows-based User-ID agents 8.0.5 and later versions allow TLSv1.0 connections with firewalls running PAN-OS 6.1.
Fixed an issue where the firewall incorrectly blocked URLs due to a higher than expected rate of false positives when users entered non-corporate passwords to access websites after you configured the Windows-based User-ID agent to detect credential submissions (User IdentificationSetupEditCredentials).

User-ID Agent 8.0.4 Addressed Issues

Fixed an issue where the Windows User-ID agent allowed weak ciphers for SSL/TLS connections. With this fix, the Windows User-ID agent allows only the following ciphers for SSL/TLS connections:
  • DHE-RSA-AES256-SHA256
  • DHE-RSA-AES128-SHA256
  • AES256-SHA256
  • AES256-SHA
  • AES128-SHA256
  • AES128-SHA

User-ID Agent 8.0.3 Addressed Issues

Fixed an issue where the MDM integration service of the Windows-based User-ID agent rejected connections from the MDM event notification service when you did not configure the IP address of the MDM event notification service as a Permitted IP address (MDM IntegrationSetupPermitted IP).
Fixed an issue where the Windows-based User-ID agent performed IP address-to-username mapping for user accounts that were in the Ignore User list (ignore_user_list.txt).

User-ID Agent 8.0.2 Addressed Issues

Fixed an issue where the Test Connection option for the MDM integration service returned a Test Failed message even when the integration service successfully connected to the AirWatch MDM service (MDM IntegrationSetupTest Connection).
Fixed an issue where the Windows-based User-ID agent frequently reset its connection with a syslog sender, causing the sender to generate numerous connection failure logs and associated alerts.
Fixed an issue where, when the PAN-OS XML API sent user mappings with no timeout value to a Windows-based User-ID agent, the agent set the mappings timeout to never instead of applying the User Identification Timeout setting.

User-ID Agent 8.0.1 Addressed Issues

Fixed an issue where the Windows-based User-ID agent had a memory leak while running the MDM Integration Service.
Fixed an issue where the Windows-based User-ID agent attempted to access the certificate store on the agent even when hashes match, which caused authentication to fail even for matching hashes if the certificate store on the agent was inaccessible.
Fixed an issue where a Windows-based User-ID Agent running the MDM Integration Service failed during startup due to a Windows module fault and required a restart.

User-ID Agent 8.0.0 Addressed Issues

Fixed an issue where the username displayed as a concatenated string (username+IP address) when learned from the User-ID agent instead of through the firewall. With this fix, the username displays correctly (without IP address).

Related Documentation