FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 196869

Description

 

This article describes basic steps to troubleshoot Persistent Agent.

 

Scope

 

FortiNAC.


Solution

 

Define what is not working:

- Sending a message to the host (Host View -> Send message in Administrative UI).

- Agent prompting for user credentials.

- Scanning hosts.

If none of the functions is working:

 

-  Verify agent is installed on the host.
-  If installed, restart the Persistent Agent service. Does this clear the behavior?
-  Verify the date and time are correct on the host.
-  Troubleshoot communication between the agent and NAC.

-  Verify that the vendor OUI of the device's MAC address is known to NAC.

 

Causes for Communication Failure:

- The ports required for agent/server communications are blocked.  Check network firewalls as well as endstation firewalls. Refer to the related KB article below. 

- SSL Certificate authentication problems (presumes the Persistent Agent Security Setting is enabled).

The agent is unable to validate the authenticity of the SSL Certificate installed on NAC for agent communication.  Refer to related KB articles below.
 

- There is no SSL Certificate installed or it has expired (this assumes the agent does not have Security disabled). Refer to the related KB article below.

- Names used for communicating with NAC and the Name on the Certificate do not match. Refer to the related KB article below.

 

- NAC Vendor OUI repository should have the vendor OUI of the device MAC address listed. Refer to the related KB article below.

- Agent code-related issues. Refer to the related KB article below.
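The connectivity and certificate causes above can be told apart from a test host with a short script. The following Python sketch is an added example, not Fortinet code: the server name `nac.example.com`, the `port` argument (take the value from the communication ports article) and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def name_matches(pattern, name):
    """Compare a certificate DNS name with the name the agent connects to."""
    p, n = pattern.lower().split("."), name.lower().rstrip(".").split(".")
    # A wildcard is honoured only as the whole leftmost label.
    return len(p) == len(n) and p[1:] == n[1:] and p[0] in ("*", n[0])

def classify_cert(cert, name, now):
    """Return the certificate causes from the list above that apply at time `now`."""
    findings = []
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if now.timestamp() > end:
        findings.append("expired")
    elif now.timestamp() < start:
        findings.append("not yet valid: check the date and time on the host")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to the subject CN when no SAN is present
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(name_matches(p, name) for p in names):
        findings.append("name mismatch: certificate is for " + ", ".join(names))
    return findings

def probe(name, port, cafile=None, timeout=5.0):
    """Connect as a TLS client would and report which cause applies."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # names are compared in classify_cert instead
    try:
        with socket.create_connection((name, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:  # untrusted issuer, expired, ...
        return ["certificate not trusted: " + exc.verify_message]
    except OSError as exc:  # refused, timed out, filtered, or not a TLS service
        return ["connection failed: " + str(exc)]
    return classify_cert(cert, name, datetime.now(timezone.utc)) or ["ok"]

# Constructed certificate fields in the shape ssl.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "nac.example.com"),),),
    "subjectAltName": (("DNS", "nac.example.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}
```

Call `probe()` with the same name the agent is configured to use, since a certificate that validates for the FQDN still reports a name mismatch when the agent connects by short name or IP address.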

If specific functions do not work:

- Credential Window does not appear for hosts required to either register or authenticate.
Refer to related KB articles below.

- Host is not scanning.


In Host view, right-click the host and select 'Scan Now'. Note the message that appears. If an error is displayed, refer to the related KB article below.

If unable to determine the cause of the issue, gather the agent logs from the affected computer and consult Product Support. Refer to the related KB article below.

Related Articles:

Technical Note: Persistent Agent communication ports

Technical Note: Persistent Agents not communicating after installing new SSL certificate

Technical Note: Persistent Agent fails to communicate with 'SSL_get_verify_result' log entry

Technical Note: Agent Message 'computer name in the certificate, bradfordnetworks.com, does not matc...

Technical Tip: Persistent Agent not able to start communication

Technical Note: Persistent Agent message stating names do not match

Technical Note: Communication failures with Persistent Agent 3x

Technical Note: No Persistent Agent credential window popup on Windows

Technical Note: No Persistent Agent credential window popup on Mac-OS-X

Technical Note: Persistent Agent does not display pop-up notifications and messages

Technical Note: 'Error Scanning' message displays when attempting to scan from hosts view

Technical Note: Windows Persistent Agent logs

Technical Note: macOS Persistent Agent logs

Technical Note: Linux Persistent Agent Logs