Created on 10-01-2018 12:35 AM Edited on 02-14-2023 07:28 AM By Jean-Philippe_P
Description
This article describes basic steps to troubleshoot Persistent Agent.
Scope
FortiNAC.
Solution
Define what is not working:
- Sending a message to the host (Host View -> Send message in Administrative UI).
- Agent prompting for user credentials.
- Scanning hosts.
If none of the functions is working.
- Verify agent is installed on the host.
- If installed, restart the Persistent Agent service. Does this clear the behavior?
- Verify the date and time are correct on the host.
- Troubleshoot communication between the agent and NAC.
- Verify that the MAC address of the device is known as Vendor OUI by NAC.
Causes for Communication Failure:
- The ports required for agent/server communications are blocked. Check network firewalls as well as endstation firewalls. Refer to the related KB article below.
- SSL Certificate authentication problems (presumes the Persistent Agent Security Setting is enabled).
- There is no SSL Certificate installed or it has expired (this assumes the agent does not have Security disabled). Refer to the related KB article below.
- Names used for communicating with NAC and the Name on the Certificate do not match. Refer to the related KB article below.
- NAC Vendor OUI repository should have the vendor OUI of the device MAC address listed. Refer to the related KB article below.
- Agent code-related issues. Refer to the related KB article below.
If specific functions do not work:
- Credential Window does not appear for hosts required to either register or authenticate.
Refer to related KB articles below.
- Host is not scanning.
In Host view, 'right-click' on the host and select 'Scan Now'. Note the message that appears. Refer to the related KB article below if an error displays.
If unable to determine the cause of the issue, gather the agent logs from the affected computer and consult Product Support. Refer to the related KB article below.
Related Articles:
Technical Note: Persistent Agent communication ports
Technical Note: Persistent Agents not communicating after installing new SSL certificate
Technical Note: Persistent Agent fails to communicate with 'SSL_get_verify_result' log entry
Technical Tip: Persistent Agent not able to start communication
Technical Note: Persistent Agent message stating names do not match
Technical Note: Communication failures with Persistent Agent 3x
Technical Note: No Persistent Agent credential window popup on Windows
Technical Note: No Persistent Agent credential window popup on Mac-OS-X
Technical Note: Persistent Agent does not display pop-up notifications and messages
Technical Note: 'Error Scanning' message displays when attempting to scan from hosts view
Technical Note: Windows Persistent Agent logs
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.