Skip to main content
fmerin_FTNT
Staff
fmerin_FTNT
Staff
January 4, 2018

Technical Tip: FSSO collector agent service not running because of port conflict

  • January 4, 2018
  • 0 replies
  • 4841 views

Description

 

This article describes that the Fortinet Single Sign-On (FSSO) Collector Agent service, which facilitates communication between the network's domain controllers and FortiGate devices, can sometimes face issues post-installation.

Even if correctly installed with the required Domain Admin privileges, the service might not run. A common reason for this is a TCP port conflict on Windows servers.

 

Scope

 

FortiGate.

 

 

Solution

 

Certain third-party applications or built-in Windows services might be utilizing TCP port 8000, which is the default port for the FSSO Collector Agent. This overlapping usage can prevent the FSSO Collector Agent from starting up and can produce the following error messages in its log files:

 
Failed to bind socket to port 8000
failed to create server socket
 
  1. 'Failed to bind socket to port 8000'.

In computer networking, a socket refers to an endpoint for sending or receiving data across a computer network. The process of 'binding' a socket usually means associating it with a specific IP address and port number so that it can listen for incoming connections or data on that port.

When the message 'Failed to bind a socket to port 8000' appears, it generally means that the application or service trying to use port 8000 was unable to reserve or 'bind' to that port.

 

There could be a few reasons for this:

  • Another application or service is already using (has bound to) port 8000.
  • The application does not have the necessary permissions to bind to that port.
  • Some system restrictions are preventing the application from binding to the port.

 

  1. 'failed to create server socket'.

This message typically follows the first error. A 'server socket' refers to a socket that's set up to listen for incoming connections.

Before an application can accept incoming network connections, it must first create this listening socket.

If it fails to bind to a specific port (as indicated by the first error), it will not be able to create this server socket.

In simpler terms, the application first tried to reserve port 8000 for its use and failed. Because it could not reserve the port, it also could not set up a listening point (server socket) for incoming connections on that port.

 

  1. To identify which process is currently using TCP port 8000 on the Windows server, run the following command on the CLI:

     


netstat -ano | findstr :8000

 

In the context of the FSSO Collector Agent:

The FSSO Collector Agent wants to establish a server socket on port 8000 to listen for incoming connections, possibly from a FortiGate or other network entities. But because something else is already using port 8000, or due to some other restriction, the Collector Agent cannot bind to the port and, consequently, cannot create its listening socket.

 

To resolve this issue, reconfigure the Windows application/service using TCP port 8000 to another TCP port.  
If this is not possible, reconfigure the FSSO Collector Agent's TCP port from 8000 to another unused port number.
 
Note
Port conflicts, while common, can disrupt the functioning of essential services. Regular monitoring and the use of tools like Netstat can assist in the early detection of such issues. Always ensure that essential services like the FSSO Collector Agent are using designated ports without conflicts to ensure seamless operation.
Terms & ConditionsAccessibility statement