Technical Tip: FortiAuthenticator displaying duplicate/disconnected DC Agents

This article describes how FortiAuthenticator can sometimes display duplicate and disconnected DC Agents.

FortiAuthenticator can sometimes display duplicate DC Agents under Monitor -> SSO -> DC/TS Agents:

Some of the duplicate entries may show as disconnected.

This is caused by the following:

• When a DC Agent sends an event login to FortiAuthenticator, FortiAuthenticator will, on occasion, try to look up the DC Agent host’s hostname.
• It will do a reverse lookup for the DC Agent source IP.
• If this is successful, it will add a DC Agent entry to its table with the hostname.
• If this fails, it will add a DC Agent entry to its table with the IP.

If the reverse DNS lookup first fails, and then succeeds, or vice versa, this causes FortiAuthenticator to have two DC Agent entries, one of which may show as disconnected.

Pointing both DNS server entries (under System -> Network -> DNS) to an internal DNS can reduce occurrences of this issue.

Deleting the DC Agents and waiting for FortiAuthenticator to add them back as new DC Agent traffic comes will also temporarily resolve the issue.