Description

This article describes the issue that FortiGate collector agent 5.0.0.323 or earlier does not support Windows Server 2025 with the default polling mode, which is 'Check Windows Security Event Logs'.

Scope

FortiGate collector agent and Windows Server compatibility.

Solution

It is common that in the FortiGate collector agent, the default polling mode is used, which is 'Check Windows Security Event Logs'; it works with Windows Server 2022 or earlier. 

The version support matrix is listed in the release note below:

FortiGate 7.4.9 Release Notes Product Integration and Support

FortiGate 7.6.4 Release Notes Product Integration and Support

User will find that once the server is upgraded to Windows Server 2025, the Collector agent query will fail with this default setting.

The FSSO collector agent v5.0.0330 that came with FortiGate 7.4.10 is now GA as of late January 2026, and is available to download on the Fortinet Support Portal.

This version supports Windows Server 2025 and and other operating systems mentioned in the 7.4.10 release notes. Earlier versions of v5.0.0328 released with FortiGate 7.6.5 also support Windows Server 2025. It is recommended to use later versions.

• FortiGate 7.4.10 Release Notes Product Integration and Support 
• FortiGate 7.6.5 Release Notes Product Integration and Support

When using Windows Server 2025 with the new collector agent, make sure the option 'Enforce Kerberos' is checked as shown in the screenshot below.