Hello all. 

In registering the collector with the super.

/opt/phoenix/bin/phProvisionCollector --add 130859572admin 'passwordomited' <FQDN SIEM> <ORG>  <COLLECTOR NAME>

Error: HTTP Status 401 - Not authorized This request required HTTP authentication.

I am seeking from the community any experience or knowledge of this occurring and the creds NOT being the issue.

I  have found a wealth of connectivity troubleshooting articles. But nothing about  401 Not authorized return code error as a result of phProvisionCollector.

What we checked.

doubled check org name, admin name, etc.
checked the collector exists under their org settings in the SIEM
checked Phoenix log and found "PUT" command error 401 from the collector
we can see the super talking back on port 443
found the ssl_access_log and it to had the 401 error from the collector

Have not verified time sync by running the date command on collector and super,

if they are out of sync, I read that NTP needs to be set on both machines and can only be a 2 min gap.

Have not checked certificate authority. using the wget command on collector.

When we send that argument string across the network to the supervisor I am expecting it to be encrypted, Being new to FortiSIEM,  I wondered how the command is negotiating behind the scenes?

Basic Authentication requires sending appropriate Authorization headers containing Base64-encoded username and password combinations. If these headers are missing or improperly set up during communication between client and server, it can result in receiving a 401 response.

How can I verify the headers are ok would that show in the Phoenix logs? or ssl error and access logs?

Not sure how to debug this issue?

The definitive meaning of 401 is here at the RFC, https://www.rfc-editor.org/rfc/rfc7235#section-3.1

Thanks in advance.

Any help is appreciated.