This article explains how to disable the DNS resolution of the FSSO DCAgent.
Scope: any supported version of FortiGate. This applies only to the FSSO DCAgent method.
When a user logs in, the DCAgent intercepts the logon event on the Domain Controller, resolves the client's DNS name, and sends the event to the Collector Agent. The Collector Agent then performs its own DNS resolution to check whether the user's IP address has changed.
In some environments this double DNS resolution causes problems. Typically DCAgentLog.txt reports that there are too many requests in the queue and the logon event is discarded, with entries such as the following:
domain:XXX, workstation:XXX, user:XXX, request in queue:100001
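Before changing anything it helps to confirm that the symptom above is actually present and how severe it is. The following PowerShell snippet is an added example, not part of the Fortinet article or the DCAgent itself: it scans DCAgentLog.txt for the "request in queue:N" discard messages and reports the largest backlog seen. The log path and the alert threshold are assumptions to adjust for your Domain Controller.

```powershell
# Added example (not Fortinet's code): count DCAgent discard messages and the
# largest queue depth they report. Run on the Domain Controller hosting the DCAgent.
$logPath   = 'C:\path\to\DCAgentLog.txt'   # placeholder: use the real DCAgentLog.txt location
$threshold = 1000                           # assumed alert level; the article's example shows 100001

if (-not (Test-Path $logPath)) {
    throw "Log file not found: $logPath"
}

# The article's sample line ends in "request in queue:100001"; capture the number.
$matches = Select-String -Path $logPath -Pattern 'request in queue:(\d+)'

if (-not $matches) {
    Write-Host "No 'request in queue' discards found in $logPath"
    return
}

$depths = $matches | ForEach-Object { [int]$_.Matches[0].Groups[1].Value }
$peak   = ($depths | Measure-Object -Maximum).Maximum

Write-Host ("{0} discarded logon events; peak queue depth {1}" -f $depths.Count, $peak)
if ($peak -ge $threshold) {
    Write-Warning "Queue backlog exceeds $threshold; consider disabling DNS resolution on the DCAgent (donot_resolve)."
}
```

Each line reported here is a logon event the FortiGate never learned about, so the count is a direct measure of how many user-to-IP mappings were lost while the queue was saturated.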
To stop the DCAgent from resolving DNS, set the following registry value on the Domain Controller that hosts the DCAgent:
donot_resolve = (DWORD) 1 at HKLM/Software/Fortinet/FSAE/dcagent
After changing the value, reboot the Domain Controller. This step is required; the DCAgent does not pick up the new value until it restarts.
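The registry change above can be applied and verified from an elevated PowerShell session. This script is an added example and not Fortinet's own tooling; the key path and value name are exactly those the article gives (HKLM\Software\Fortinet\FSAE\dcagent, donot_resolve as a DWORD set to 1), everything else is assumption.

```powershell
# Added example (not Fortinet's code): set donot_resolve = (DWORD) 1 for the
# FSSO DCAgent and verify the result. Run elevated on the Domain Controller.
$keyPath   = 'HKLM:\Software\Fortinet\FSAE\dcagent'   # path from the article
$valueName = 'donot_resolve'                            # value name from the article

if (-not (Test-Path $keyPath)) {
    # The DCAgent installer creates this key; if it is absent the agent is
    # probably not installed here, so stop rather than create a stray key.
    throw "Registry key $keyPath not found. Is the DCAgent installed on this DC?"
}

# Record the current setting so the change is auditable.
$before = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $before) { $before = '<not set>' }
Write-Host "Current ${valueName}: $before"

# -PropertyType DWord matches the article's "(DWORD) 1"; -Force overwrites an
# existing value of any type rather than failing.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null

# Verify both the data and the value kind before trusting the change.
$after = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
$kind  = (Get-Item -Path $keyPath).GetValueKind($valueName)
if ($after -ne 1 -or $kind -ne 'DWord') {
    throw "Verification failed: $valueName is '$after' of type $kind"
}

Write-Host "$valueName set to 1 (REG_DWORD). Reboot the Domain Controller for the DCAgent to apply it."
```

Keeping the "before" value in your change record matters here: if logon events stop arriving at the Collector Agent after the reboot, the first thing to check is whether this value was already set and what it held.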
Before the change, the log entries look similar to the following:
<date> <time> [RECV_EVENT_FROM_DC] packet_len:58 dcagent_ip:172.16.8.123 time:1447165567 data_len:41 data:PC.example.com/EX_DC/user ip:172.16.1.10:172.16.2.10
After the change, they look like this: the DCAgent no longer resolves the workstation, so the IP field is reported as 0.0.0.0.
<date> <time> [RECV_EVENT_FROM_DC] packet_len:58 dcagent_ip:172.16.8.123 time:1447165567 data_len:41 data:PC.example.com/EX_DC/user ip:0.0.0.0