FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
caunon
Staff
Staff
Article Id 274244
Description

This article describes a scenario where the FSSO may not work properly after a sudden time and without changing anything in the configuration.

 

It is possible to check that by navigating to Windows Server -> 'Fortinet Single Sign On Agent Configuration' -> Collector Agent Status: NOT RUNNING but no changes were made at the FortiGate unit and at the Fortinet Single Sign On Agent Configuration. 

 

1.png
Scope

FortiGate v7.x.

Solution

Go to Windows Server -> Search: Services -> Select 'Services'.  

 

2.png

 

Scroll down and go to 'Fortinet Single Sign On Agent Service': select it.

3.png

 

Go to the 'Log On' tab -> Put the current password following the account -> 'Password' and 'Confirm password' -> OK.

  

4.png

 

It will show a Services pop-up message with 'Windows could not start the Fortinet Single Sign On Agent Service service on Local Computer. Error 1069: The service did not start due to a logon failure.' -> Select OK -> Select OK.

 

5.png

 

Go to 'Fortinet Single Sign On Agent Service': 'Right Click' -> Select 'Stop'.

 

6.png

 

Go to 'Fortinet Single Sign On Agent Service': 'Right Click' -> Select 'Start'.

 

7.png

Go to Windows Server and go to 'Fortinet Single Sign On Agent Configuration' -> Collector Agent Status: RUNNING.

It will show Collector Agent Status: RUNNING after that.

  

8.png

 

This service restart procedure might be necessary if the 'Fortinet Single Sign On Agent Configuration' account had expired or the password has been changed due to a password policy.
Make sure the service 'Startup-type' is set to 'Automatic'. If the Startup Type is set to Manual, the service may not run after a reboot of the domain member host where the Collector Agent is installed.