Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
recha
New Contributor III

FSSO OK for everyone except for PC with Windows XP

Hi guys,

 

I have a client with FSSO enable on this LAN. (fortigate 100D 5.4.4)

 

Everything is OK for their RDS Farm, local computer too except for 3 users.

This 3 users have a workstation with Windows XP.

So i think, there is maybe a little issue on that OS for FSSO, but i don't find anything about this issue on the web.

 

I was guessing that it was an issue about NTLM authentication (in my memory, XP use first LM authentication).

So i changed security policy to enable NTLMv2 only and refuse LM, but the issue is still here.

 

Can someone confirme me that there is no specific issue between XP and FSSO please?

 

Thanks

1 REPLY 1
xsilver_FTNT
Staff
Staff

Hi recha,

 

as they do domain logons, probably, then why NTLM ? (regardless I think it should work, but have no XP in lab anymore).

If you have Collector agent then read events from those  XP workstations via WinSec or DCAgent and it worked for me in past.

 

Set Collector's log to debug level temporarily and see why those 3 XPs are having a hard times.

Maybe the can get into FSSO list but they are removed during workstation check as by default MSFT workstations do not have Remote Registry Service running and I guess that XP do not support WMI as it came with Win2000 and later models as standard API replacing RDP/RPC calls.

 

Kind regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors