Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BKP09
New Contributor III

FSSO Collector Agent - missing users

Hello Community,

I will try to be as brief as possible.

A couple of months ago, we installed the collector agent on our two main DCs and, respectively, the DC agent on a number of DCs across our SDWAN topology. Since the beginning, the majority of the users are not getting into the "Currently logon users" list in FSSO, even when I try to log off and log on again; even restarting the machine does not help. But when I check Event Viewer on the DC, the user is successfully logged in / authenticated. The same thing happens for new user creation. What we have observed is that the DC agent has the information of the logged-in users but the collector does not; it is like they are not synced. Another observation is that the same users appear constantly; a different user will be added to the users that appear on the FGT once in a while. We have had a TAC case open for 2 months with not much progress: we updated the collector to the version they suggested, we checked the registry in the KERBEROS on the DCs, and we uninstalled and reinstalled the collector and agents. We have now limited the implementation to one collector and two existing Domain Controller agents. In other words, we adjusted the scale of the deployment.
We have tested every given solution found on the forum, I think. We also tried polling mode and the issue persists, with the exact same users appearing on the FGT.
Any ideas would be helpful.
BR.

BR, BKP
Jean-Philippe_P
Moderator

Hello BKP09,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Thanks,

Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello BKP09,

I found this solution. Can you tell us if it helps, please?

To address the issue where the FSSO Collector Agent is not syncing user logon information from the DC Agents, follow these steps:

  1. Verify Configuration: Ensure that the DC Agents are correctly configured to communicate with the Collector Agent. Check the IP and port settings in the DC Agent configuration to ensure they point to the correct Collector Agent.

  2. Check Network Connectivity: Confirm that there is no network issue between the DC Agents and the Collector Agent. Ensure that the necessary ports are open and there is no firewall blocking the communication.

  3. Review Event Logs: Check the event logs on both the domain controllers and the machine where the Collector Agent is installed for any errors or warnings related to FSSO.

  4. Registry Settings: Double-check the registry settings on the domain controllers to ensure they are correctly configured for the DC Agents. The registry path should be `HKLM/SOFTWARE/Fortinet/FSAE/DCAgent/ca` with the correct IP addresses specified.

  5. Collector Agent Logs: Review the logs on the Collector Agent for any errors or indications of why the user information is not being received or processed.

  6. Group Filters: Ensure that the group filters on the Collector Agent are correctly configured and match the groups you expect to see. Incorrect group filters can prevent users from being reported to the FortiGate.

  7. Bandwidth and Latency: Ensure that the network connection between the domain controllers and the Collector Agent meets the minimum bandwidth requirements (64 kbps) and has low latency.

  8. Reinstallation: If the issue persists, consider uninstalling and reinstalling the DC Agents and Collector Agent, ensuring that all configurations are correctly applied during the installation process.

  9. Consult TAC: Since you have an open TAC case, continue to work with Fortinet support. Provide them with detailed logs and any additional information they request to help diagnose the issue.

If these steps do not resolve the issue, it may require further investigation by Fortinet support to identify any underlying problems specific to your environment.

Regards,
Jean-Philippe - Fortinet Community Team
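
One way to run the configuration and registry checks from steps 1 and 4 across several domain controllers at once, as an added example that is not part of the reply above and is not Fortinet tooling. The DC names and collector address are hypothetical placeholders, and the script assumes that `ca` is a value under the `DCAgent` key holding `address:port` entries separated by `;` (IPv4 addresses or host names).

```powershell
# Added example. Placeholders below are assumptions, not values from the thread.
$DomainControllers = @('dc01.example.test', 'dc02.example.test')  # hypothetical DC names
$ExpectedCollector = '192.0.2.10'                                 # hypothetical Collector Agent IP

$report = foreach ($dc in $DomainControllers) {
    try {
        # Read the 'ca' value on the DC itself (requires PowerShell remoting to the DC).
        $raw = Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
            # Registry path as given in the reply, written in provider syntax.
            $key = 'HKLM:\SOFTWARE\Fortinet\FSAE\DCAgent'
            (Get-ItemProperty -Path $key -Name 'ca' -ErrorAction Stop).ca
        }

        # Assumption: entries are "address:port" separated by ';'.
        # A multi-string value is flattened into the same form first.
        $entries = @((@($raw) -join ';') -split ';' |
                     ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $hosts   = @($entries | ForEach-Object { ($_ -split ':')[0] })
        $extra   = @($hosts | Where-Object { $_ -ne $ExpectedCollector })

        # Flag DCs that do not point at the collector, or that also point elsewhere.
        $status = if ($hosts -notcontains $ExpectedCollector) { 'MISSING expected collector' }
                  elseif ($extra.Count -gt 0)                 { 'OK, plus other entries' }
                  else                                        { 'OK' }
    }
    catch {
        # Key or value absent, or the DC could not be reached over remoting.
        $entries = @()
        $status  = "ERROR: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        DC         = $dc
        Configured = ($entries -join ', ')
        Status     = $status
    }
}

$report | Format-Table -AutoSize
```

A DC reported as `MISSING expected collector` or `ERROR` is the place to start with the connectivity and log checks in steps 2, 3 and 5.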