Description
Windows Server Core is a minimal installation option that is available when installing the Standard or Datacenter editions of Windows Server.
By design, Server Core does not have a traditional desktop interface.
Instead, Server Core is designed to be managed remotely through the command line, PowerShell, or a special GUI tool, which means that the usual GUI configuration of the FSSO collector agent is not possible.
This article describes how to configure the FSSO collector agent on Windows Server Core.
Scope
FortiGate.
Solution
The release notes for every FortiOS firmware version specify the minimum FSSO version needed, as well as the supported operating systems for FSSO installation.
First, verify that the FSSO version to be installed supports the Windows Server Core version.
After installing the collector agent via the installation wizard, it is necessary to configure it.
The usual GUI method runs FSAEConfig.exe, but in a Server Core environment it is necessary to perform all configuration directly in the registry.
The FSSO collector agent has to be listed in the following registry path:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent
Note:
For options not explicitly specified in the following table, the standard registry binary values of 0 (False/disabled) and 1 (True/enabled) apply.

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent]
"supportLogonMonitor"=dword:00000001
"admode"=dword:00000001
"supportNTLMauth"=dword:00000001
"domain_list"="TEST:test.local"
"ep_eventid_list"="2"
"supportFSAEauth"=dword:00000000
"supportLogonMonitorType"=dword:00010001
"pushIgnoreListToDC"=dword:00000001
"verifyIP"=dword:00000000
"ep_gobackhours"=dword:00000000
"directDNSlookup"=dword:00000001
"callgethostbyname"=dword:00000001
"DNSlookupinterval"=dword:0000000f
"grouplookupinterval"=dword:00000000
"checkinterval"=dword:0000003c
"timeoutinterval"=dword:00000078
"workerthreadcount"=dword:00000080
"use_groupcache"=dword:00000000
"max_FGT_session"=dword:00000040
"GroupCacheExpiration"=dword:0000003c
"log_level"=dword:00000001
"log_level_event"=dword:00000000
"log_size"=dword:00a00000
"dcagentport"=dword:00001f42
"enableauth"=dword:00000001
"fortigateport"=dword:00001f40
"fortigatesslport"=dword:00001f41
"dc_agent_ignore_ip_list"=""
"version"="5.0.0278"
"password_new"="**********"
"enable_ssoma"=dword:00000000
"workstation_in_logon_session"=dword:00000000
"wmi_logoff_check"=dword:00000001
"enable_deadthread_detect"=dword:00000000
"tsagent_alive_check"=dword:00000000
"InstallDir"="C:\\Program Files (x86)\\Fortinet\\FSAE"
"host"="10.0.0.10"
"uninstallDCAgent"=dword:00000001
"dc_list"="TEST/DC02.test.local;TEST/DC01.test.local"
"ad_port"=dword:00000cc4
"ad_server"="DC01.mt-test.local"
"ad_baseDN"="DC=mt-test,DC=local"
"ad_authuser"="service_fssouser"
"ad_passwd_new"="**********"
"ad_secureconnection"=dword:00000000
"DNS_list"="10.0.0.10"
"disable_rdp_override"=dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent\Filter
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent\Filter]
"ignore_users"="TEST\\admin_*;TEST\\Administrator;TEST\\service*;TEST\\srv_*"
"groups"="CN=Domain Users,CN=Users,DC=test,DC=local"
PS C:\Users\Administrator> netsh advfirewall firewall show rule name="Fortinet FSSO"
Rule Name: Fortinet FSSO
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: TCP
LocalPort: 8000
RemotePort: Any
Edge traversal: No
Action: Allow
Ok.
netstat -ano | findstr :8000
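
The registry settings, listener check and firewall rule shown above can be read back in one pass from the Server Core PowerShell prompt. The script below is an added example, not Fortinet code: the key path, value names and the rule name "Fortinet FSSO" come from this article, while the choice of values to print and the use of the NetTCPIP and NetSecurity cmdlets are assumptions.

```powershell
# Added example, not Fortinet code. Key path, value names and the rule name
# 'Fortinet FSSO' come from this article; everything else is an assumption.
$key = 'HKLM:\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent'
$cfg = Get-ItemProperty -Path $key -ErrorAction Stop

# A .reg export shows DWORDs in hex (dword:00001f40); PowerShell returns
# integers. Print both forms so they can be compared with the export.
$dwords = 'fortigateport', 'fortigatesslport', 'dcagentport', 'ad_port',
          'checkinterval', 'timeoutinterval', 'enableauth', 'ad_secureconnection'
foreach ($n in $dwords) {
    $v = $cfg.$n
    if ($null -eq $v) { Write-Warning "$n is not set under $key"; continue }
    '{0,-20} {1,6}  (dword:{1:x8})' -f $n, $v
}

# String values that bind the agent to the directory, plus the Filter subkey.
foreach ($n in 'domain_list', 'dc_list', 'ad_server', 'ad_baseDN') {
    '{0,-20} {1}' -f $n, $cfg.$n
}
$filter = Get-ItemProperty -Path "$key\Filter" -ErrorAction SilentlyContinue
if ($filter) {
    '{0,-20} {1}' -f 'ignore_users', $filter.ignore_users
    '{0,-20} {1}' -f 'groups', $filter.groups
}

# Same check as 'netstat -ano | findstr :8000', using the configured port.
$port = [int]$cfg.fortigateport
$listen = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if ($listen) {
    $listen | Select-Object LocalAddress, LocalPort, OwningProcess
} else {
    Write-Warning "Nothing is listening on TCP $port"
}

# Same check as 'netsh advfirewall firewall show rule', as objects.
$rule = Get-NetFirewallRule -DisplayName 'Fortinet FSSO' -ErrorAction SilentlyContinue
if (-not $rule) {
    Write-Warning "Firewall rule 'Fortinet FSSO' not found"
} else {
    $pf = $rule | Get-NetFirewallPortFilter
    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Enabled = $rule.Enabled; Action = $rule.Action; Protocol = $pf.Protocol
        LocalPort = $pf.LocalPort; RemoteAddress = $af.RemoteAddress
    }
    if ($pf.LocalPort -notcontains "$port") {
        Write-Warning "Rule does not list TCP $port"
    }
}
```

With the sample values in this article, fortigateport prints as 8000 (dword:00001f40), which matches the LocalPort of the firewall rule and the port searched for with netstat. The sample rule shows RemoteIP: Any; scoping it to the FortiGate addresses is a common tightening, offered here as a suggestion rather than something stated in the article.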