FortiClient
keithli_FTNT
Staff
Article Id 193680

Description

Users may see the following errors under Install Information in Client Details:

  • Deployment service failed to connect to the remote task service
  • Deployment service failed to access the remote device registry


Upon receiving one of the above errors, FortiClient fails to install from FortiClient EMS.


Solution

 
The deployment service error messages may be caused by any of the following. Rule each cause out, one at a time.
 
 
 
1. Wrong username or password in the EMS profile
 
Ensure that the correct credentials are entered on the Endpoint Profiles > EMS Profiles > Install Options > FortiClient Installer Settings page.
 
  • For AD installations, this should be a user on the AD with sufficient admin rights
  • For non-AD installations, this should be a user with sufficient admin rights on the computer
 
 
 
2. Endpoint is unreachable over the network
 
This can be due to one of the following:
 
  • The endpoint cannot be pinged by name (EMS only deploys by host name)
  • A firewall on Windows or along the network path blocks network access to EMS
  • A registry entry cannot be created on the endpoint (see below)
 
 
 
3. Task Scheduler service is not running
 
This service is required to schedule the deployments.
 
  • For AD environments, ensure that the Task Scheduler service is enabled from Group Policy Management
 
FCTEMS-GA-AD-Services.JPG
 
  • For non-AD environments, ensure the Task Scheduler service startup type is set to Automatic
 
 
Also refer to the FortiClient EMS Administration Guide for details.
 
 
 
4. Remote Registry service is not running
 
This service is required to access and modify the registry.
 
  • For AD environments, ensure that the Remote Registry service is enabled from Group Policy Management
(Refer to screenshot in 3)
 
  • For non-AD environments, ensure the Remote Registry service startup type is set to Automatic
 
 
Also refer to the FortiClient EMS Administration Guide for details.
 
 
 
5. Windows firewall is blocking connection
 
Ensure that the proper Inbound Rules are configured to allow File & Printer Sharing and Remote Scheduled Tasks Management.
 
  • For AD environments, use Group Policy Management to navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules
  • Create a rule for File & Printer Sharing
  • Create a rule for Remote Scheduled Tasks Management (RPC)
 
 
  • For non-AD environments, ensure you allow File & Printer Sharing and Remote Scheduled Tasks Management (RPC) in your Windows Firewall Inbound Rules
 
 
 
 
Indications that an EMS deployment is started on an endpoint
 
If an EMS deployment actually started on the endpoint, an installation log file is created in c:\Windows\FortiEMSInstaller. A FortiClient installer can also be found in that directory.
 
 
 
For manual installations, the FortiClient installer creates a log file, FortiClient0000x.log, in %temp% (usually c:\users\<username>\appdata\local\temp).
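
The checks in items 2 to 5 and the deployment indicator above can be gathered in one read-only pass. The script below is an added example, not part of the original article or of FortiClient EMS; the function names are hypothetical, and the firewall display group names assume an English-language Windows installation.

```powershell
# Added example: read-only pre-deployment checks for the causes listed above.
# Run Get-EmsDeployReadiness in an elevated PowerShell session on the endpoint.
function Get-EmsDeployReadiness {
    $results = @()

    # Items 3 and 4: Task Scheduler (service name 'Schedule') and Remote Registry
    foreach ($name in 'Schedule', 'RemoteRegistry') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            Check  = "Service $name"
            Pass   = ($null -ne $svc -and $svc.Status -eq 'Running')
            Detail = if ($svc) { "Status=$($svc.Status); StartType=$($svc.StartType)" } else { 'not found' }
        }
    }

    # Item 5: ActiveStore holds the effective rules, including those pushed by Group Policy
    $active = @(Get-NetFirewallRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue)
    foreach ($group in 'File and Printer Sharing', 'Remote Scheduled Tasks Management') {
        $rules = @($active | Where-Object {
            $_.DisplayGroup -eq $group -and $_.Direction -eq 'Inbound' -and
            $_.Enabled -eq 'True' -and $_.Action -eq 'Allow'
        })
        $results += [pscustomobject]@{
            Check  = "Firewall group '$group'"
            Pass   = ($rules.Count -gt 0)
            Detail = "$($rules.Count) enabled inbound allow rule(s)"
        }
    }

    # Indication that an EMS deployment actually started on this endpoint
    $logDir = 'C:\Windows\FortiEMSInstaller'
    $results += [pscustomobject]@{
        Check  = 'EMS installer directory present'
        Pass   = (Test-Path -LiteralPath $logDir)
        Detail = $logDir
    }
    $results
}

# Item 2, run from the EMS server instead: EMS deploys by host name,
# so the endpoint must answer a ping by name.
function Test-EndpointByName([string]$HostName) {
    Test-Connection -ComputerName $HostName -Count 1 -Quiet
}

Get-EmsDeployReadiness | Format-Table -AutoSize
```

A failed "EMS installer directory present" check alongside passing service and firewall checks points back to items 1 and 2 (credentials or name resolution), which are verified from the EMS side.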
 
 
 