Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FSSO Polling Not Working


I'm configuring a FGT with FSSO in polling mode without agent for a small network.  I'm having some issues. I don't see any FSSO users but the Active Directory connector is up.

And see the following output from the comand "diag debug application fsso 255" 

[fsso_ldap_session_state:73] ldap session state transit from init->user for user karina. [fsso_ldap_session_state:73] ldap session state transit from user->done for user karina. [event_add_logon_info:352] eid=4776, logon=[Administrador], ipaddr=[], station=[name], domain=[], clt_workstation=, port=0, tm=1545257899 [event_add_logon_info:352] eid=4776, logon=[katherine], ipaddr=[], station=[\\IBR], domain=[], clt_workstation=, port=0, tm=1545257918 [event_add_logon_info:374] no domain from [event_add_logon_info:352] eid=4776, logon=[importaciones], ipaddr=[], station=[ECS], domain=[], clt_workstation=, port=0, tm=1545257912 [event_add_logon_info:374] no domain from


Any ideas of what might be the problem? 




Is the workstation logged into the domain ?

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC L3 Escalations engineer


Hello Tomas,

Yes, the workstation is logged into the domain. I see the same message for every logon event in the network.  The Domain Controller is IP address .215. I guess for some reason I'm not getting the Domain from the Controller so FGT cannot solve de Computers name to an IP Address and I don't see any logon as a result:

# diag debug auth fsso list ----FSSO logons---- Total number of logons listed: 0, filtered: 0 ----end of FSSO logons----


# diag debug authd fsso server-status # Server Name                          Connection Status     Version               Address -----------                          -----------------     -------               ------- Local FSSO Agent                     connected             FSAE server 1.1 Server Name                          Connection Status     Version               Address



New Contributor

** Update

Checking on the   fsso-polling detail I see the messge LDAP query fail 



diag debug fsso-polling detail

AD Server Status(connected): ID=1, name(,ip=,source(security),users(0) port=auto username=Administrador read log eof=1, latest logon timestamp: Thu Dec 20 16:20:57 2018

polling frequency: every 10 second(s) success(17456), fail(0) LDAP query: success(0), fail(1821) LDAP max group query period(seconds): 1 LDAP status: connected


Bonjour tout le monde j'ai un fgt 501E j'ai configuré le fsso, le LDAP fonctionne correctement , FSSO reconnait les utilisateurs, leurs groupes ainsi, que le domaine au quel ils appartiennent. Seulement lorsque j'active une politique d'authentification , les différents users créés n'arrivent plus à communiquer ni avec le fgt ni avec les autres utilisateurs