|
By default, the Collector Agent checks every five minutes (configurable - 'Workstation verify interval') every existing FSSO session to check, if the user is still logged in.
This is done using WMI(DCOM).
Refer to this KB article:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD31772
There are a few things that can cause the collector agent not to be able to connect to the user's workstation and once it is not able to connect, it will generate the error mentioned above message.
In order to make sure that the Workstation check is working, be sure to enable connectivity from the COllector Agent towards the workstations via the below-mentioned TCP ports:
135 - DCE RPC Endpoint Manager DCOM Service Control
139 - Netbios Session Service
445 - Microsoft Directory Services SMB
49152-65535 - WMI (DCOM)
The following are the most common causes:
1) Most commonly, a host firewall on the user's workstation prevents remote access above mentioned ports.
Try opening the ports on the host firewall or disabling it altogether.
2) A network firewall blocks the above-mentioned ports between the collector agent and the user workstations.
3) If the remote registry service is not running on the user's workstation the collector agent will not be able to connect to the registry remotely.
Make sure the remote registry service is running.
|
