By default, the Collector Agent checks every five minutes (configurable - 'Workstation verify interval') every existing FSSO session to check if the user is still logged in.

This is done using WMI(DCOM).

Refer to this KB article:

Troubleshooting-Tip-User-status-Not-Verified-on-the-FSSO

There are a few things that can cause the collector agent not to be able to connect to the user's workstation and once it is not able to connect, it will generate the error message mentioned above.

To make sure that the Workstation check is working, be sure to enable connectivity from the COllector Agent towards the workstations via the below-mentioned TCP ports:

• 135 -  DCE RPC Endpoint Manager DCOM Service Control
• 139 - Netbios Session Service
• 445 - Microsoft Directory Services SMB
• 49152-65535 - WMI (DCOM)

The following are the most common causes:

Most commonly, a host firewall on the user's workstation prevents remote access to the above-mentioned ports.  Try opening the ports on the host firewall or disabling it altogether.

A network firewall blocks the above-mentioned ports between the collector agent and the user workstations.

If the remote registry service is not running on the user's workstation, the collector agent will not be able to connect to the registry remotely.

Make sure the remote registry service is running.

Verify if DNS resolves as expected, execute 'nslookup' from CMD on the Windows server to resolve to the hostname of the client. Ensure the forward and reverse lookups are added for the client (Include PTR).