This article describes how to troubleshoot 'Aggregator Returned Response Code 429' error.
Scope
FortiEDR.
Solution
Error sample:
07/08/2023 17:12:19.912 <TRY> [N]: (TTAA266): Sending status to TrayAppNofitier took: 4285 ms 07/08/2023 17:12:20.027 <CFG> [N]: (TTAT123): registration request agent ID 0 07/08/2023 17:12:23.227 <CFG> [E]: (TTI757): Failed register to adacomsa-both-europe-west3-a-0.ensilo.com:8081, aggregator returned response code 429
Verify Network Connectivity: Ensure that the affected device running the collector has stable and uninterrupted network connectivity to the aggregator. Network issues can sometimes lead to communication problems.
Check Aggregator Health: Confirm the health and availability of the aggregator server. Ensure that it is up and running without any performance issues.
Examine Collector Logs: Access the logs on the collector machine to identify any additional error messages or events that may provide insights into the issue. Logs may contain information about the specific nature of the problem.
Check License Usage: Verify the license usage for FortiEDR deployment. Ensure that sufficient licenses are available. License exhaustion can sometimes lead to communication errors.
Review Collector Configuration: Review the collector's configuration settings to make sure they are correct. Pay special attention to any settings related to communication with the aggregator, such as hostnames, ports, and authentication credentials.
Investigate Aggregator Load: The HTTP response code 429 often indicates that the aggregator is overwhelmed or experiencing a high load. Check the aggregator's resource usage and load, and consider optimizing its performance if necessary.
Retry the Registration: In some cases, the error may be temporary. Retry the registration process by restarting the collector service or redeploying the collector. Monitor the registration process to see if the error persists.
Check for Blocked IPs or IPs on Blacklists: Verify that the IP address of the collector machine is not blocked or listed on any IP blacklists. Blocked IPs can prevent successful communication with the aggregator.
