Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hvardhang
Staff
Staff

Created on ‎02-17-2022 06:18 AM Edited on ‎07-25-2025 01:36 AM By Moderator

Article Id 205035

Technical Tip: Unable to fetch user groups information on FSSO Collector agent

Description This article describes the situation where the user is unable to fetch user groups information on the Fortinet Single Sign-On Collector Agent Service.
Scope

Fortinet Single Sign-On Collector Agent.
Solution

When there is a service account/administrator password getting expired/reset/renewed on the Active Directory results in the FSSO collector agent failing to get group information.

 

The collector agent debug shows below messages where the LDAP bind fails.

 

02/11/2022 11:47:58 [ 5152] ldaplib::ldap_bind_s failed, server:fermion-kvm52.rishi.com error code:0x31.
02/11/2022 11:47:58 [ 5152] ad_user_get_groups_str2_s():<NONE>

 

Validate and correct with proper username, password details on the collector agent under 'Set Directory Access Information' --Advanced setting--Correct with username and password details.

 

Note: If the Advanced setting shows blank for LDAP configuration, it means Fortinet Single Sign-On uses Service account credentials.

It can be validated under 'service.msc', Open services--Fortinet Single Sign-on Agent service--Properties--Logon, correct with credentials.

 

image.png

 

image.png
5013
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.