Description

This article describes basic steps to troubleshoot the Persistent Agent.

Scope

FortiNAC, FortiNAC-F.

Solution

Define what is not working:

• Sending a message to the host (Host View -> Send message in Administrative UI).
• Agent prompting for user credentials.
• Scanning hosts.

1. If none of the functions are working, check the following:

• Verify the agent is installed on the host. Try reinstalling the Persistent Agent.
• If installed, restart the Persistent Agent service. Check if this clears the behavior.
• Verify the date and time are correct on the host.
• Check if there is traffic between the Persistent Agent and FortiNAC on TCP port 4568.
• Verify that the MAC address of the device is known as Vendor OUI by FortiNAC.

2. Causes for Communication Failure:

• The ports required for agent/server communications are blocked. Check network firewalls as well as endstation firewalls.
• SSL Certificate authentication problems (presuming the Persistent Agent Security Setting is enabled).
• The agent is unable to validate the authenticity of the SSL Certificate installed on NAC for agent c...
• There is no SSL Certificate installed or it has expired (this assumes the agent does not have Security disabled). 
• SSL certificate subject mismatch
• Names used for communicating with FortiNAC and the Name on the Certificate do not match
• FortiNAC Vendor OUI repository should have the vendor OUI of the device MAC address listed
• Agent code-related issues

3. If specific functions do not work:

• Credential Window does not appear for hosts required to either register or authenticate
• Host is not scanning

If it is not possible to determine the cause of the issue, gather the agent logs from the affected computer and consult Product Support. Refer to the related articles below.

Related articles:

Troubleshooting Tip: Connection issues with the Fortinet Persistent Agent

Technical Tip: Windows Persistent Agent logs

Technical Tip: macOS Persistent Agent logs

Technical Tip: Linux Persistent Agent Logs