Description: This article describes when users will see the AD connector showing down.
Scope: All FortiOS versions.
Solution:
Sometimes the AD connector shows as down under External Connectors.
Check all of the following before investigating further:
1) Check whether the FSSO agent is reachable.
2) Check whether firewall rules have been created on the Microsoft AD server to allow TCP port 8000 and UDP port 8002.
3) If these steps do not work, it is possible to encounter the following:
When a packet capture is taken to see the transaction between the FortiGate and Microsoft AD, an error like this appears, sent from the server:
'nca_s_fault_access_denied'
This is generally an issue on the Microsoft server, where the user trying to add the FortiGate to the domain does not have full access.
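To confirm the fault seen in step 3 from raw bytes exported from the capture, the sketch below decodes a connection-oriented DCE/RPC fault PDU and reports its status code. It is an added example, not Fortinet code; it assumes the standard DCE/RPC fault PDU layout, and the function names and sample PDUs are constructed for illustration.

```python
import struct

PTYPE_FAULT = 3  # connection-oriented DCE/RPC PDU type "fault"
FAULT_NAMES = {0x00000005: "nca_s_fault_access_denied"}


def parse_dcerpc_fault(pdu: bytes):
    """Return (call_id, status, name) for a fault PDU, or None for other PDUs."""
    # Common header is 16 bytes: version 5, minor, ptype, flags, drep[4], lengths, call_id
    if len(pdu) < 16 or pdu[0] != 5 or pdu[2] != PTYPE_FAULT:
        return None
    # drep[0] high nibble gives integer byte order: 1 = little-endian, 0 = big-endian
    order = "<" if pdu[4] >> 4 == 1 else ">"
    frag_len, _auth_len, call_id = struct.unpack_from(order + "HHI", pdu, 8)
    if frag_len < 28 or frag_len > len(pdu):
        raise ValueError("truncated or malformed fault PDU")
    # Fault body: alloc_hint(4) p_cont_id(2) cancel_count(1) reserved(1) status(4)
    (status,) = struct.unpack_from(order + "I", pdu, 24)
    return call_id, status, FAULT_NAMES.get(status, f"unknown 0x{status:08x}")


def build_sample_fault(status: int, call_id: int, little_endian: bool = True) -> bytes:
    """Constructed input: a minimal 32-byte fault PDU, not captured traffic."""
    order = "<" if little_endian else ">"
    drep = bytes([0x10 if little_endian else 0x00, 0, 0, 0])
    header = bytes([5, 0, PTYPE_FAULT, 0x03]) + drep
    header += struct.pack(order + "HHI", 32, 0, call_id)
    body = struct.pack(order + "IHBBII", 0, 0, 0, 0, status, 0)
    return header + body


if __name__ == "__main__":
    samples = (
        build_sample_fault(0x00000005, 2),
        build_sample_fault(0x00000005, 7, little_endian=False),
    )
    for pdu in samples:
        call_id, status, name = parse_dcerpc_fault(pdu)
        print(f"call_id={call_id} status=0x{status:08x} {name}")
```

A status of 0x00000005 on the reply to the connector's request matches the access-denied case described above, which points at the account's rights on the Microsoft server rather than at reachability or the port rules.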
Copyright 2023 Fortinet, Inc. All Rights Reserved.