FortiAuth Agent is not hitting after restarting the Windows Server 2012 R2

Hi Hafiz,

I haven't seen previous reports of this behaviour, but if reproducible, it definitely sounds like something (some sort of registry protection feature in another software package? Strict GPOs?) is reverting some/all of the registry changes we make upon reboot. Just to confirm, are the logon prompts with OTP still an available option at the logon screen, with users bypassing it by choosing the built-in one without a token prompt, or is it gone altogether?

Assuming it's gone altogether:

Unless whatever is happening breaks it too, you can launch the FortiAuthenticator Agent configuration and look at the sections near the bottom labelled "FortiAuthenticator Agent Service" and "Credential Provider/GINA status". I'm expecting at least the "Credential Provider/GINA status" one to show something wrong, which would be a pretty good clue about the specific registry key(s) being reset. The buttons there permit toggling via the buttons, but don't restore everything that could be going wrong without a reinstall.

These registry paths are the likeliest culprits based on what you describe, but we set a few other things too:

HKEY_CLASSES_ROOT\CLSID

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters

We create keys under all of these - a GUID named "{f98ac68d-ae8e-47d8-ab82-f19bcb6328ab}" - I think they're disappearing.

Regards,

Jeremy