FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
flunaibarra
Staff
Article Id 415040
Description This article describes how to perform and troubleshoot a Windows Agent upgrade using the Image Server.
Scope Windows Agent v5.x to v7.4.x.
Supervisor and Collector v6.x to 7.4.x.
Solution

Prerequisites:

  1. The agent's Status must be Running Active.


     

  2. Before uploading to the Image Server, verify that the files 'AutoUpdate.exe' and 'FSMLogAgent.exe' carry a valid digital signature: right-click the file -> Properties -> select the Fortinet signature -> Details, and confirm it reports 'This digital signature is OK'.

  3. Upload the files to the Admin -> Settings -> System -> Image Server.
    Note: If the Windows hosts (Agents) reach the Collector or Supervisor through a load balancer or public IPs, add the load balancer/public IP under Image Server -> Custom Update before uploading the .exe files to the Image Server. Upload the files only after that. See the documentation link below:
    Image Server Settings

  4. Run the Download Image task against the Windows host (Agent) from the Health tab.
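
The signature check from step 2 can also be scripted, so that both files are verified the same way before every upload. The script below is an added example, not part of the original article or Fortinet tooling; the folder path and the signer pattern '*Fortinet*' are assumptions to adjust to your environment.

```powershell
# Added example: verify the Authenticode signature of the agent upgrade files
# before they are uploaded to the Image Server.
param(
    [string]$ImageDir      = 'C:\Temp\FortiSIEM-Agent',  # hypothetical staging folder
    [string]$SignerPattern = '*Fortinet*'                # assumed match on the signer subject
)

$required = 'AutoUpdate.exe', 'FSMLogAgent.exe'

$results = foreach ($name in $required) {
    $path = Join-Path $ImageDir $name

    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{ File = $name; Ok = $false; Reason = 'file not found'; Signer = $null; SHA256 = $null }
        continue
    }

    $sig     = Get-AuthenticodeSignature -FilePath $path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # 'Valid' means the file hash matches the signature and the chain is trusted
    # on this host. The subject match only confirms who the trusted signer is.
    $reason = if ($sig.Status -ne 'Valid') {
        "signature status: $($sig.Status)"
    } elseif ($subject -notlike $SignerPattern) {
        'valid signature, but not from the expected publisher'
    } else {
        $null
    }

    [pscustomobject]@{
        File   = $name
        Ok     = ($null -eq $reason)
        Reason = $reason
        Signer = $subject
        SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash  # keep for the change record
    }
}

$results | Format-List

if ($results.Ok -contains $false) {
    Write-Error 'One or more files failed verification. Do not upload them to the Image Server.'
    exit 1
}
```

A status such as NotSigned or HashMismatch usually points to an incomplete or altered download; fetch the files again rather than uploading them.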

 

If the Download task failed:

 

Troubleshooting:

 

  1. Confirm that the files have been uploaded to the Supervisor correctly. Run the following command in Supervisor:

 

psql -U phoenix phoenixdb -c "select param_str, progress, status, type from ph_task where type='ImageSetup';"


Progress should indicate 100.

 

  2. On the Windows host, go to the folder C:\ProgramData\FortiSIEM and review the Autoupdate.log for more information about the error/failure.

  3. Change the Agent's log to Debug mode as described in the FortiSIEM Windows Agent Installation Guide:
    Custom Image Server Endpoint

     

 

  • Re-run the Download Image task from the SIEM GUI and review the Agent's C:\ProgramData\FortiSIEM\Agent\Logs\Trace.log.

 


 

  • The debug trace.log contains more information about the download URL and errors.