Hi all - I have FSSO in DC agent mode missing logon events and producing the following error in the dcagentlog (when logging is enabled). I have a call open with support, but expect the forums could beat them to the fix given the speed they are returning to my issues at the moment. Anyone with any ideas?
02/25/2021 17:31:51.428: processing Logon (level=1, logonid=0-0) WINCHNT\jgXXX (James XXX) from DESKTOP-WCCJB7E
Domain:WINCHNT DNS suffix added:XXX.uk.
Too much request in the queue, discard this logon event, domain:WINCHNT, workstation:DESKTOP-WCCJB7E, user:jgXXX, request in queue:100001
02/25/2021 17:31:51.428: finish processing.
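To size the problem shown in the excerpt above, the following added example (not part of the original post and not a Fortinet tool) counts how many logon events the DC agent discarded, the peak queue depth, and which users and workstations were affected. It assumes the log keeps the line format quoted in the post; the sample log, names and the `summarize` function are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample (made-up names) in the format of the excerpt in the post.
SAMPLE_LOG = r"""02/25/2021 17:31:51.428: processing Logon (level=1, logonid=0-0) EXAMPLE\alice (Alice A) from DESKTOP-AAA0001
Domain:EXAMPLE DNS suffix added:example.test.
Too much request in the queue, discard this logon event, domain:EXAMPLE, workstation:DESKTOP-AAA0001, user:alice, request in queue:100001
02/25/2021 17:31:51.428: finish processing.
02/25/2021 17:31:52.010: processing Logon (level=1, logonid=0-0) EXAMPLE\bob (Bob B) from DESKTOP-BBB0002
Domain:EXAMPLE DNS suffix added:example.test.
02/25/2021 17:31:52.015: finish processing.
02/25/2021 17:31:53.100: processing Logon (level=1, logonid=0-0) EXAMPLE\alice (Alice A) from DESKTOP-AAA0001
Domain:EXAMPLE DNS suffix added:example.test.
Too much request in the queue, discard this logon event, domain:EXAMPLE, workstation:DESKTOP-AAA0001, user:alice, request in queue:100002
02/25/2021 17:31:53.100: finish processing.
"""

START = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d+): processing Logon\b")
DROP = re.compile(
    r"^Too much request in the queue, discard this logon event, "
    r"domain:(?P<domain>[^,]*), workstation:(?P<ws>[^,]*), "
    r"user:(?P<user>[^,]*), request in queue:(?P<depth>\d+)"
)

def summarize(text):
    """Count processed vs. discarded logon events and who was affected."""
    seen = dropped = peak = 0
    first = last = stamp = None
    affected = Counter()
    for line in text.splitlines():
        line = line.strip()
        m = START.match(line)
        if m:  # start of one logon record; remember its timestamp
            seen += 1
            stamp = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
            continue
        m = DROP.match(line)
        if m:  # the DC agent discarded this logon event
            dropped += 1
            peak = max(peak, int(m["depth"]))
            affected[(m["domain"], m["user"], m["ws"])] += 1
            first, last = first or stamp, stamp
    return {"seen": seen, "dropped": dropped, "peak_queue": peak,
            "first_drop": first, "last_drop": last, "affected": affected}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running it over the log before and after a configuration change shows whether discards have stopped and whether the queue depth is falling.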
Hi,
How is the configuration done in your Fortigate? Poll Active Directory or Full Collector?
I have already seen some installations where Polling was not fast enough to process all requests.
The most stable configuration is:
DC Agent installed on all Active Directory Domain Controllers
Collector on one or two servers or AD, two is only for redundancy purpose
FSSO Agent on Windows AD configured in the Fortigate (External Connectors).
With this configuration, I saw more than 800 computers in less than 15 minutes logging on the domain.
I hope it helps! :)
Regards,
Philippe
I am running full DC agent and collector on each domain controller, but it seems that it cannot keep up.
User group source? Local or Collector Agent in the Fortigate.
In the collector: standard or advanced?
User group source? Local or Collector Agent in the Fortigate. --> tried both, still fails
In the collector: standard or advanced? --> tried both, still fails
Hi James,
Did you find a solution?
Does the collector run as a Domain user that can read the Security Event Log? And where is the collector installed?
Regards
Set "donot_resolve = 1" in the registry key of the FSSO DC agent
It can happen when the DC agent cannot resolve DNS names. Can I ask you please to follow this KB and disable DNS name lookup on DC Agent: https://kb.fortinet.com/k....do?externalID=FD37705