Dear Community,
We have a problem regarding user authentication with FSSO. Some users are not appearing in the "Currently logon users" list in FSSO; logging off and logging on again, or even restarting the machine, does not help, yet when I check Event Viewer on the DC the user is successfully logged in / authenticated. I will describe it in as much detail as I can:
* We have 2 Domain Controllers (Windows Server 2022 Datacenter)
* We do NOT use Explicit Proxy mode. Our fortigate device is Default gateway for users.
1. I have set Firewall Inbound Rules on the DCs: UDP/8002, TCP/8000-8001 (for Agent communication).
2. I have set Firewall Inbound Rules for Domain Users: UDP/137-138, TCP/445, WMI (For User workstation check and logoff event).
3. I have installed FSSO Collector Agent (Advanced Mode) and DC Agent on both Domain Controllers. (FSSO_Setup_5.0.0308_x64). Used Domain Admin Credentials.
4. HKLM/SOFTWARE/Fortinet/FSAE/DCAgent/ca shows both DC IPs on both Domain Controllers.
5. "Show Service Status" displays my Fortigate device.
6. "Show Monitored DCs" displays both DCs on both servers.
7. "Set Directory Access Information" is set to Advanced as I have mentioned above.
But still some users won't appear in the "Logon users list" even if they log off and log on to their workstations again.
Also I have tried "Clear User Cache" on the FSSO Collectors, and users appear in the list very slowly during busy working hours.
If anyone has had the same experience and found a solution to this, I would really appreciate feedback.
P.S. Is there any way to authenticate a user without logging off and logging on again? E.g. authenticate the user when they start a web browser session?
Thanks in Advance
I have managed to solve this issue.
Reinstalled FSSO Collectors and DC Agents on both Domain Controllers.
Confirmed that both Domain Controllers had both entries in regedit: HKLM/SOFTWARE/Fortinet/FSAE/DCAgent/ca (the IPs must be specified on separate lines in regedit).
Rebooted Domain Controllers and it started to work. :)
Hello,
Could you please try the steps as per the below link and let me know if it works
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Windows-event-IDs-used-by-FSSO-in...
Regards,
Nagaraju.
Thank you for your reply. I have not tried it yet, but that would be our last option since it's polling mode. As described in the FortiGate manual, DC Agent Mode is best practice and won't miss any logon event, unlike Polling Mode. So I'm still confused why it's not working perfectly in my case. We have 600 users; I have tested on a small number of users (10 users) and it's working normally, but when we try to put it into production around 40% of users authenticate normally and can access the internet, while 60% get the Disclaimer Page, and even if they log off and log on again they still get the Disclaimer Page and cannot access the internet.
Hi @mikatechs - Thank you very much for posting your solution; it has worked for me as well. We were also facing a similar issue with user authentication, and after removing dead Collector Agent IPs from the registry value "HKLM/SOFTWARE/Fortinet/FSAE/DCAgent/ca" we can see all user logon events are being sent to the live collector agent.
Regards,
Swapnil Nawale
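The accepted solution and the reply above both come down to the same check: the `ca` value under the DCAgent key on every Domain Controller must list exactly the live Collector Agents, one per line, with no stale entries. The script below is an added diagnostic for that check, written for this thread; it is not Fortinet's code. It assumes `ca` is a REG_MULTI_SZ value under `HKLM\SOFTWARE\Fortinet\FSAE\DCAgent` (which is what "separate lines in regedit" implies), that `$ExpectedCollectors` is filled in with your own collector IPs (the addresses shown are placeholders), and that a collector whose TCP/8000 listener (the port the FortiGate connects to, per the firewall rules in the question) does not answer is a candidate "dead" entry. Run it elevated on each DC; it only reads the registry and reports, it does not modify anything.

```powershell
# Added diagnostic for the FSSO 'ca' collector list (not Fortinet's code).
# Assumption: 'ca' is a REG_MULTI_SZ under HKLM\SOFTWARE\Fortinet\FSAE\DCAgent
# with one Collector Agent IP per line. Run elevated on each Domain Controller.
$KeyPath            = 'HKLM:\SOFTWARE\Fortinet\FSAE\DCAgent'
$ExpectedCollectors = @('192.0.2.10', '192.0.2.11')   # placeholder: replace with your collector IPs

# Read the multi-string value; @() keeps a single entry from collapsing to a plain string.
$item       = Get-ItemProperty -Path $KeyPath -Name 'ca' -ErrorAction Stop
$configured = @($item.ca) | ForEach-Object { $_.Trim() } | Where-Object { $_ }

Write-Host "Collector entries in $KeyPath\ca on $env:COMPUTERNAME`:"
$configured | ForEach-Object { Write-Host "  $_" }

# Entries on this DC that are not in the expected list are likely stale collectors;
# expected collectors that are absent mean this DC will never report to them.
$stale   = $configured         | Where-Object { $_ -notin $ExpectedCollectors }
$missing = $ExpectedCollectors | Where-Object { $_ -notin $configured }

# Liveness check: a collector whose TCP/8000 listener does not answer is a candidate dead entry.
# (UDP/8002, the DC Agent -> Collector path, cannot be probed reliably, so TCP/8000 is used as the signal.)
foreach ($ip in $configured) {
    $r     = Test-NetConnection -ComputerName $ip -Port 8000 -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'reachable' } else { 'NOT reachable (dead collector?)' }
    Write-Host ("  {0,-16} TCP/8000 {1}" -f $ip, $state)
}

if ($stale)   { Write-Warning "Unexpected collector entries in 'ca' (remove if dead): $($stale -join ', ')" }
if ($missing) { Write-Warning "Expected collectors missing from 'ca': $($missing -join ', ')" }
if (-not $stale -and -not $missing) { Write-Host "Registry on $env:COMPUTERNAME matches the expected collector list." }
```

Run it on both DCs and compare the output: the registry lists should be identical, every entry should be reachable on TCP/8000, and any entry flagged as unexpected or unreachable is the kind of dead collector IP that, as the replies describe, silently swallows a share of the logon events. After editing the value, restart the DC Agent service (or reboot the DC, as the accepted answer did) so the agent re-reads the list.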