aahmadzada
Staff
Article Id 219191
Description This article describes a log entry that can appear in 'System Events' with the description: 'DCOM was unable to communicate with the computer IP x.x.x.x using any of the configured protocols; requested by PID xxx (C:\Program Files (x86)\Fortinet\FSAE\collectoragent.exe)'.
Scope Fortinet Single Sign On Agent.
Solution

By default, the Collector Agent checks every existing FSSO session every five minutes (configurable via 'Workstation verify interval') to verify that the user is still logged in.

This is done using WMI (DCOM).

Refer to this KB article:

 https://kb.fortinet.com/kb/viewContent.do?externalId=FD31772

Several things can prevent the Collector Agent from connecting to the user's workstation. Whenever it cannot connect, the error message mentioned above is generated.


To make sure that the workstation check works, allow connectivity from the Collector Agent to the workstations on the following TCP ports:

 

135 - DCE RPC Endpoint Manager DCOM Service Control
139 - NetBIOS Session Service
445 - Microsoft Directory Services SMB
49152-65535 - WMI (DCOM)

 

The following are the most common causes:


1) Most commonly, a host firewall on the user's workstation prevents remote access to the above-mentioned ports.

Try opening the ports on the host firewall or disabling it altogether.

 

2) A network firewall blocks the above-mentioned ports between the collector agent and the user workstations.


3) If the Remote Registry service is not running on the user's workstation, the Collector Agent cannot connect to the registry remotely.
Make sure the Remote Registry service is running.
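
To work out which of the three causes applies to a given workstation, the checks above can be run from the Collector Agent server. The script below is an added example, not a Fortinet tool: the function name Test-WorkstationCheckPath and the address 192.0.2.10 are placeholders, and it assumes Windows PowerShell 5.1 or later and an account with administrative rights on the workstation.

```powershell
# Added example. Run on the Collector Agent server with an account that has
# administrative rights on the workstation being checked.
function Test-WorkstationCheckPath {
    param([Parameter(Mandatory)][string]$ComputerName)

    $result = [ordered]@{
        ComputerName   = $ComputerName
        WmiOverDcom    = $false
        RemoteRegistry = 'unknown'
        Error          = $null
    }

    # Fixed TCP ports from the article: RPC endpoint mapper, NetBIOS session, SMB.
    foreach ($port in 135, 139, 445) {
        $t = Test-NetConnection -ComputerName $ComputerName -Port $port -WarningAction SilentlyContinue
        $result["Tcp$port"] = $t.TcpTestSucceeded
    }

    # A WMI query over DCOM starts on 135 and continues on a dynamic port
    # (49152-65535), so success here shows the assigned dynamic port is reachable.
    $session = $null
    try {
        $dcom    = New-CimSessionOption -Protocol Dcom
        $session = New-CimSession -ComputerName $ComputerName -SessionOption $dcom -ErrorAction Stop
        $svc     = Get-CimInstance -CimSession $session -ClassName Win32_Service `
                       -Filter "Name='RemoteRegistry'" -ErrorAction Stop
        $result.WmiOverDcom = $true
        if ($svc) { $result.RemoteRegistry = $svc.State } else { $result.RemoteRegistry = 'not found' }
    } catch {
        # Keep the failure text: an RPC or access error here matches causes 1) and 2).
        $result.Error = $_.Exception.Message
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    [pscustomobject]$result
}

# 192.0.2.10 is a placeholder; replace it with the workstation IP from the DCOM event.
Test-WorkstationCheckPath -ComputerName '192.0.2.10' | Format-List
```

If the fixed ports report True but WmiOverDcom is False, the dynamic range 49152-65535 is the likely block. If WmiOverDcom is True and RemoteRegistry is not Running, cause 3) applies.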
