Hi,
I have a number of users who build local VMs on their on Workstations.
They use Hyper-V and build W10 VMs which are joined to the domain.
When they RDP / Login directly through the console to the VM, everything is fine and I can see the user in FSSO Collector with the correct IP but few minutes later the user disappears from Logon users list.
I enabled Debug Logging and I noticed this WMI check failure which I believe is the main culprit.
09/05/2018 11:45:51 [ 2880] wksta_check_wmi: cannot get UserName, error code:0x0 09/05/2018 11:45:51 [ 2880] wksta_check: user:domain\user1 is no longer logged on to workstation.domain.com (172.17.1.2) 09/05/2018 11:45:51 [ 2880] after workstation checking: workstation.domain.com
All VMs built are W10 and WMI checks are supported + the account which runs FSSO Collector Service is Domain Admin with Full access to all Workstations.
I was also thinking to disable WMI checks but the feature is useful and I wonder what impact will have on logoff checks.
Any advice please?
Fortigate Firmware: 5.4.4,build1117
FSSO Collector: 5.0.0254
Upgrade is not an option for us at this point in time.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Just to mention that I can access remotely the WMI Control for the VMs from the Server where FSSO Collector is installed with the account which is running FSSO Collector.
Anyone with a wild guess? :)
Hi,
Just check if following post will help your to resolve your issues .
https://forum.fortinet.com/tm.aspx?m=150630
Regds,
Ashik
Thank You Ashik,
I've seen that post but I don't want to disable WMI especially that I access the WMI Control remotely from server where Collector is installed; + is not quite clear on what happens when you have DC Agent(s) and disable WMI check?
Hi kctesting77,
FSSO does workstation check (check if user still logged in) via WMI, by requesting "username" from computersystem.
However, with RDP, this value is empty. This is what triggers the de-authentication. (Collector things the user logged off)
This should be fixed since FSSO version 5.0.0257 (different method of checking for RDP). Check your version of FSSO, and upgrade if needed.
It happens when RDP or Console to it directly from Hyper-V Manager.
FSSO version is 5.0.0254 as mentioned above and cannot upgrade at the moment.
I disabled WMI check which seems to work for now even though I'm not happy with it...
Planning to upgrade Firewalls and FSSO to the latest stable Firmware which is ready for Production ( e.g. 5.6.x)
I had quite few users disappear from Show Logon Users in FSSO Agent in DC mode
I could see user being logged in to workstation (I was at this workstation) and then no more user in Agent, hence no internet access (with my setup of Policies)
Any idea why it could possibly be (user did not log off)
Seb
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1709 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.