User-ID Agent 8.1 Addressed Issues

Want to know if there are any addressed issues related to the Windows User-ID™ agent 8.1 release?
The following tables list the issues that are fixed in Windows-based User-ID agent 8.1 releases. For new features, associated software versions, known issues, or changes in default behavior, see User-ID Agent 8.1 Release Information.
For recent updates to addressed issues for a given PAN-OS® release, refer to

User-ID Agent 8.1.9 Addressed Issues

Fixed an issue where the user-to-IP address process took longer than expected after a Windows security event.
Fixed an intermittent issue where the user-to-IP address process took longer than expected when a larger than expected number of machine entries were sent to the firewall.
Fixed an issue where the Ignore User List (DeviceUser IdentificationEditIgnore User List) did not ignore User Principal Name (UPN) formatted user-to-IP address mapping entries.

User-ID Agent 8.1.8 Addressed Issues

Fixed an issue where usernames, which contained more than one space caused IP address-to-username mapping to display incomplete mapping information after a reboot.

User-ID Agent 8.1.7 Addressed Issues

Fixed an issue where the User-ID agent terminated unexpectedly when the Windows system was running low on memory and a firewall attempted to connect to the User-ID agent.
Fixed an issue where periodic probing did not trigger at the configured interval.
Fixed an issue where the User-ID credential phishing agent did not include the list of user IDs and corresponding passwords for users that belonged to the allowed RODC password replication group.

User-ID Agent 8.1.6 Addressed Issues

Fixed a rare issue where User-ID Agent failed after NULL value were retrieved for IP-User Mapping.

User-ID Agent 8.1.5 Addressed Issues

Fixed an issue where logs were inundated with warning messages (need to allocate <file-size> bytes for big body). With this fix, the default User-ID message buffer size is increased from 4,096 bytes to 8,000 bytes.

User-ID Agent 8.1.4 Addressed Issues

Fixed an issue where the User-ID agent stopped responding after receiving syslog messages when the agent was not configured to receive syslog messages.
Fixed an issue where the User-ID agent failed to normalize usernames correctly before sending to firewalls when the usernames were in User Principle Name (UPN) format, which prevented PAN-OS 8.0 and earlier firewalls from enforcing policy as expected for those usernames.
Fixed an issue where Windows User-ID agent stopped responding after installing the Microsoft August Windows updates and displayed the following message:
SSL cert file error: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib!!!!
Fixed an issue where the User-ID agent failed to normalize usernames correctly due to a domain map lookup failure.
Fixed a restart issue with the User-ID agent where the User-ID agent process unexpectedly restarted a second time during any event that required a restart.

User-ID Agent 8.1.3 Addressed Issues

Fixed an issue where IP address-to-username mappings did not get refreshed as expected when the User-ID agent was unable to perform Windows Management Instrumentation (WMI) periodic probing because the User-ID agent did not include the IP parameter when building the WMI query.
Fixed an issue where firewalls running a PAN-OS 8.0 or earlier release did not correctly ignore computer account names distributed from a User-ID 8.1 agent, which caused firewalls to overwrite IP address-to-username mappings in logs with the computer account names.
Fixed an issue where an E-directory server returned error results that caused the User-ID agent to stop responding when copying memory.
Fixed an issue where the User-ID agent did not normalize usernames that included double-byte characters.

User-ID Agent 8.1.2 Addressed Issues

Fixed an issue where a firewall integrated with the AirWatch Mobile Device Manager (MDM) for GlobalProtect couldn't process Host Information Profile (HIP) reports that it received from the Windows-based User-ID agent.
Fixed an issue where the User-ID credential agent failed to recognize users that were included in the Domain Users group after adding the group to the Allowed RODC Password Replication Group. With this fix, the group ID is correctly added to the LDAP query and the agent correctly recognizes users in the Domain Users group.
Fixed an issue where installing and configuring the Terminal Services (TS) agent on a Windows server resulted in a BSOD due to a reserved port range conflict.
Fixed an issue where the User-ID agent incorrectly added a backslash ( "\" ) character when mapping and sending a username (with no associated domain) to the firewall.

User-ID Agent 8.1.1 Addressed Issues

Fixed an issue where the Windows-based User-ID agent stopped responding after it connected to a Novell eDirectory server.
Fixed an issue where, after receiving machine account names in UPN format from a Windows-based User-ID agent, the firewall misidentified them as user accounts and overrode usernames with machine names in IP address-to-username mappings.
Fixed an issue where the Windows-based User-ID agent didn’t detect users whose account name (sAMAccountName) contained a dollar ($) character that wasn't at the end of the name.
Fixed an issue where firewalls running PAN-OS 6.1 couldn’t connect to Windows-based User-ID agent 8.1 because the agent didn’t allow TLSv1.0 connections. With this fix, User-ID agent 8.1.1 and later versions allow TLSv1.0 connections with firewalls running PAN-OS 6.1.

User-ID Agent 8.1.0 Addressed Issues

The Windows-based User-ID Agent 8.1.0 release has no addressed issues.

Related Documentation