FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
imathew
Staff
Article Id 218578
Description This article describes how to troubleshoot and fix the FSSO polling error 'err: server can not be accessible', which in the case shown is caused by missing event log read permission rather than by a network problem.
Scope FortiGate, FSSO AD Polling.
Solution

First confirm that the FortiGate can reach the DC on the port used for polling. In polling mode the FortiGate reads the Security event log over SMB (TCP 445), so sniff for that traffic to the DC while a poll runs (replace <DC IP> with the address of the domain controller):


diagnose sniffer packet any "host <DC IP> and port 445" 4


Next check the poll status of the AD connector. In this case it reports the error 'err: server can not be accessible':


diagnose debug fsso-polling detail 


AD Server Status(err: server can not be accessible):
ID=2, name(10.240.2.13),ip=10.10.10.10, port=0, source(security), users(IPv4:0, IPv6:0),
username=XYZ\BijayPrakashGhising
read log eof=0, latest logon timestamp: Thu Jan  1 02:00:00 1970
polling frequency: every 10 second(s), success(0), fail(1087)
LDAP status: connected


Notice 'read log eof=0' together with 'success(0), fail(1087)' and a latest logon timestamp that is still the Unix epoch (1970): the FortiGate has never managed to read the Security event log with the account BijayPrakashGhising, so it has never reached the end of the log and has never seen a logon event. 'LDAP status: connected' shows that the DC itself is reachable and the LDAP bind works, so the problem is not connectivity; the account can authenticate but lacks permission to read the event log. The 'server can not be accessible' text is therefore misleading in this situation.


To confirm that this is a permission problem rather than a reachability problem, run the application debug and a packet capture between the FortiGate and the DC while a poll takes place.


Debug flow (fssod is the FSSO polling daemon, smbcd the SMB client daemon it uses to talk to the DC; turn debugging off again once the capture is done):


diagnose debug application fssod -1

diagnose debug application smbcd -1

diagnose debug enable

 

Packet capture:

[Screenshot of the packet capture between the FortiGate and the DC; image not reproduced here.]


On packet capture analysis:

  • At entry 21, the server 10.10.10.10 responds to the OpenEventLog request (entry 20, the EVENTLOG RPC interface carried over the SMB named pipe) with a DCERPC fault status: nca_s_fault_access_denied.
  • The TCP connection and SMB session to port 445 were set up successfully; it is only the RPC call that fails. This shows that the client 192.168.1.1 (user XYZ\BijayPrakashGhising) lacks sufficient permission to open the Security event log on the server, which is exactly what 'read log eof=0' and 'success(0)' in the FSSO polling debug indicated.

To resolve the issue, ensure the polling account (XYZ\BijayPrakashGhising) has Read permission on the Security event log of the DC, or configure the AD connector with an account that already has it. After the change, run 'diagnose debug fsso-polling detail' again: the success counter should start increasing and the latest logon timestamp should move off the 1970 epoch value.
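The following PowerShell script is an added example and not part of the Fortinet article. Run on a domain controller, it shows who is allowed to read the Security log, checks whether the polling account from the debug output above is a member of the built-in Event Log Readers group, and adds it if not. The use of Event Log Readers membership (rather than editing the log's channel ACL directly) is a choice made here as the least-privilege option; the article only says the account needs Read permission. It assumes the ActiveDirectory module is installed and the session has rights to change group membership.

```powershell
# Added example (not from the Fortinet article): verify and grant event log read
# permission for the FSSO polling account on a domain controller.
# Assumptions: ActiveDirectory module available; session may modify group membership;
# account name taken from the article's debug output (XYZ\BijayPrakashGhising);
# "Event Log Readers" (BUILTIN SID S-1-5-32-573) is the group used to grant read access.
param(
    [string]$SamAccountName = 'BijayPrakashGhising',
    [string]$GroupName      = 'Event Log Readers'
)

Import-Module ActiveDirectory -ErrorAction Stop

$EventLogReadersSid = 'S-1-5-32-573'

# 1. Who may read the Security log? The channel ACL is an SDDL string; an entry such as
#    (A;;0x1;;;S-1-5-32-573) grants read (0x1) to Event Log Readers. If that entry has
#    been removed, group membership alone will not be enough on this host.
$sddl = (Get-WinEvent -ListLog Security).SecurityDescriptor
Write-Host "Security log ACL: $sddl"
if ($sddl -notmatch [regex]::Escape($EventLogReadersSid)) {
    Write-Warning "Event Log Readers is not present in the Security log ACL on this host."
}

# 2. Is the polling account already a member (directly or via nested groups)?
$user = Get-ADUser -Identity $SamAccountName -ErrorAction Stop

function Test-PollingAccountMembership {
    $members = Get-ADGroupMember -Identity $GroupName -Recursive |
        Select-Object -ExpandProperty DistinguishedName
    return ($members -contains $user.DistinguishedName)
}

if (Test-PollingAccountMembership) {
    Write-Host "$SamAccountName is already a member of '$GroupName'."
} else {
    Write-Host "$SamAccountName is not a member of '$GroupName'; adding it."
    Add-ADGroupMember -Identity $GroupName -Members $user
    if (-not (Test-PollingAccountMembership)) {
        throw "Failed to add $SamAccountName to '$GroupName'."
    }
    Write-Host "Added. The new group membership applies to new SMB sessions once it has replicated to the DC the FortiGate polls."
}
```

Membership in Event Log Readers grants read access to the event logs on every DC, which is what polling mode needs, without making the account a Domain Admin; prefer it over the broader groups sometimes used for FSSO accounts. The FortiGate opens a fresh SMB session for each poll, so the next poll after the change has replicated to the queried DC should succeed.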

