Moved provisionally to Business > SIEM for better support.
Make sure you write the changes on the Receivers and rollout policies. This should fix the issue.
This ended up being a permissions issue even though the ID was in the Administrator group. What threw us off was originally I used ID#1, changed the Data Source config to use ID#2. The Firewall for some reason held on to the first ID in it's database. So when I looked in the Firewall logs I sene ID#1 trying to login to the Server. Once I did a tcpdump I saw that ID#2 was actually trying to login. I asked the Server guys if I could try the admin ID, then it worked.