Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kcheng
Staff
Staff

Created on ‎09-01-2022 01:17 AM

Article Id 222558

Technical Tips: Poll Active Directory (FSSO) connection status down despite authentication successful

Description

This articl illustrates the issue where the connection status to AD is successful, but the AD connector status is down.

 

kcheng_0-1662019120375.pngkcheng_1-1662019175278.png

 

The connector settings is  configured as below:

 

kcheng_3-1662019410593.png

 

It is possible to run debug to check for the error message:

 

# diag deb authd fsso -1

# diag deb en

 

An error message appears for 'wrong format of data status, len 8 <> 4'.

 

Although, it is possible to see that the authentication is successful:

 

kcheng_4-1662019502060.png
Scope FortiGate, FSSO Polling mode.
Solution

The username in FSSO Connector Settings should not include the domain. Once removing the domain portion from the Connector Settings, the domain was removed:

 

kcheng_5-1662019600304.png

 

Turn on the debug to verify if the connection is proceeding accordingly:

 

kcheng_6-1662019728711.png

 

Based on the above debug log, it is possible to see that LOGON info is correctly transmitted.

FortiGate GUI is also showing that the connector connectivity is up and successful:

 

kcheng_7-1662019833099.png
Labels:
407
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.