NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Article Id 254926
Description This article describes the behavior where SRV record queries are not being made for Persistent Agent communication. The Persistent Agent's host will not attempt to make SRV queries if it does not locate a domain to query.
Scope Agent version 5.x and greater.

1) Confirm the Persistent Agent setting 'discoveryEnabled' is enabled.


For more details, see one of the following sections in the Administration Guide:

Persistent Agent on Windows

Persistent Agent on macOS

Persistent Agent on Linux


2) Collect endstation logs using the applicable KB articles:

Windows Persistent Agent logs

macOS Persistent Agent logs

Linux Persistent Agent Logs


3) Review the general.txt, bndaemon.error.log, or bndaemon log file depending on which Operating System the agent is deployed.  Look for queries to:


4) If no queries are found in the agent log, request the output of ipconfig /all from the endstation.


5) Verify the output of ipconfig /all includes a domain.
Primary DNS Suffix
DNS Suffix Search List

If no domain is listed, the agent client will not attempt to make SRV queries.

6) If there is a domain listed and the agent client is still not attempting to make SRV queries, check to see if there are any entries in the following registry location:

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters --> SearchList


If the SearchList has valid entries, collect the log files and contact Support.

If the SearchList is empty, the agent client will not attempt to make SRV queries.


To bypass the need for SRV queries, distribute Persistent Agent Settings to the hosts specifying the FQDN of the FortiNAC server(s). See Persistent Agent Deployment and Configuration
homeServer (if one FortiNAC server)
allowedServers (if multiple FortiNAC servers)

Other potential solutions (refer to Microsoft documentation for details):
- Set a connection-specific DNS search suffix on the DHCP server.
- Set global suffix for Windows such that the registry key is populated.