Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kctesting77
New Contributor

[FSSO] - Users disappear from logon users list

Hi,

 

I have a number of users who build local VMs on their on Workstations.

They use Hyper-V and build W10 VMs which are joined to the domain.

 

When they RDP / Login directly through the console to the VM, everything is fine and I can see the user in FSSO Collector with the correct IP but few minutes later the user disappears from Logon users list.

 

I enabled Debug Logging and I noticed this WMI check failure which I believe is the main culprit.

 

09/05/2018 11:45:51 [ 2880] wksta_check_wmi: cannot get UserName, error code:0x0 09/05/2018 11:45:51 [ 2880] wksta_check: user:domain\user1 is no longer logged on to workstation.domain.com (172.17.1.2) 09/05/2018 11:45:51 [ 2880] after workstation checking: workstation.domain.com

 

All VMs built are W10 and WMI checks are supported + the account which runs FSSO Collector Service is Domain Admin with Full access to all Workstations.

I was also thinking to disable WMI checks but the feature is useful and I wonder what impact will have on logoff checks.

 

Any advice please?

 

Fortigate Firmware: 5.4.4,build1117

FSSO Collector: 5.0.0254

Upgrade is not an option for us at this point in time.

 

 

 

 

7 REPLIES 7
kctesting77
New Contributor

Just to mention that I can access remotely the WMI Control for the VMs from the Server where FSSO Collector is installed with the account which is running FSSO Collector.

kctesting77

Anyone with a wild guess? :)

Ashik_Sheik

Hi,

 

Just check if following post will help your to resolve your issues .

 

https://forum.fortinet.com/tm.aspx?m=150630 

 

Regds,

 

Ashik

Ashu 

 

Ashu
kctesting77

Thank You Ashik,

 

I've seen that post but I don't want to disable WMI especially that I access the WMI Control remotely from server where Collector is installed; + is not quite clear on what happens when you have DC Agent(s) and disable WMI check?

pami

Hi kctesting77,

 

FSSO does workstation check (check if user still logged in) via WMI, by requesting "username" from computersystem.

However, with RDP, this value is empty. This is what triggers the de-authentication. (Collector things the user logged off)

 

This should be fixed since FSSO version 5.0.0257 (different method of checking for RDP). Check your version of FSSO, and upgrade if needed.

kctesting77

It happens when RDP or Console to it directly from Hyper-V Manager.

FSSO version is 5.0.0254 as mentioned above and cannot upgrade at the moment.

 

I disabled WMI check which seems to work for now even though I'm not happy with it...

 

Planning to upgrade Firewalls and FSSO to the latest stable Firmware which is ready for Production ( e.g. 5.6.x)

scerazy
New Contributor III

I had quite few users disappear from Show Logon Users in FSSO Agent in DC mode

 

I could see user being logged in to workstation (I was at this workstation) and then no more user in Agent, hence no internet access (with my setup of Policies)

 

Any idea why it could possibly be (user did not log off)

 

Seb

 

Labels
Top Kudoed Authors