Hi Community,
I installed the fortiauth agent on Windows Server 2012 R2. After configuring the agent properly, everything was working fine. But when we restarted the server, the OTP login screen was not showing. I uninstalled the agent and reinstalled it on the server, and it was working fine again. But when I restarted the server again, I faced the same issue. AD users are authenticating directly through AD without being asked for an OTP.
Please share your expert opinion on this.
Regards,
Hafiz
Hi Hafiz,
I haven't seen previous reports of this behaviour, but if reproducible, it definitely sounds like something (some sort of registry protection feature in another software package? Strict GPOs?) is reverting some/all of the registry changes we make upon reboot. Just to confirm, are the logon prompts with OTP still an available option at the logon screen, with users bypassing it by choosing the built-in one without a token prompt, or is it gone altogether?
Assuming it's gone altogether:
Unless whatever is happening breaks it too, you can launch the FortiAuthenticator Agent configuration and look at the sections near the bottom labelled "FortiAuthenticator Agent Service" and "Credential Provider/GINA status". I'm expecting at least the "Credential Provider/GINA status" one to show something wrong, which would be a pretty good clue about the specific registry key(s) being reset. The buttons there permit toggling via the buttons, but don't restore everything that could be going wrong without a reinstall.
These registry paths are the likeliest culprits based on what you describe, but we set a few other things too:
HKEY_CLASSES_ROOT\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
We create keys under all of these - a GUID named "{f98ac68d-ae8e-47d8-ab82-f19bcb6328ab}" - I think they're disappearing.
Regards,
Jeremy
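One way to confirm which of the keys named in the reply above are lost across a reboot, as an added example (not part of the original posts and not Fortinet code): run it with `-SaveBaseline` while the OTP prompt is working, then run it again after the restart to see what changed. The `-SaveBaseline` switch, the function name and the baseline file location are assumptions made for this example; the GUID and registry paths are the ones quoted in the reply.

```powershell
# Added example, not Fortinet code. GUID and registry paths are taken from the reply above.
param(
    [switch]$SaveBaseline,
    [string]$BaselinePath = "$env:ProgramData\fac-agent-reg-baseline.txt"  # hypothetical location
)

$guid  = '{f98ac68d-ae8e-47d8-ab82-f19bcb6328ab}'
$roots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters'
)

# Flatten a key and its subkeys into "key|value=data" lines so two snapshots can be compared.
function Get-KeySnapshot([string]$Path) {
    $shown = $Path -replace '^Registry::', ''
    if (-not (Test-Path -LiteralPath $Path)) { return "$shown|<KEY MISSING>" }
    $keys = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        "$($k.Name)|<KEY PRESENT>"
        foreach ($v in $k.GetValueNames()) {
            $label = if ($v -eq '') { '(Default)' } else { $v }
            "$($k.Name)|$label=$($k.GetValue($v))"
        }
    }
}

$current = @($roots | ForEach-Object { Get-KeySnapshot "$_\$guid" })

if ($SaveBaseline) {
    $current | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    "Baseline saved to $BaselinePath ($($current.Count) entries)"
    return
}
if (-not (Test-Path -LiteralPath $BaselinePath)) { $current; return }  # no baseline: print current state

# '<=' entries exist only in the baseline (lost or changed); '=>' entries exist only now.
$baseline = @(Get-Content -LiteralPath $BaselinePath)
$diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current
if (-not $diff) { 'No change since baseline.'; return }
$diff | ForEach-Object {
    $state = if ($_.SideIndicator -eq '<=') { 'ONLY IN BASELINE' } else { 'ONLY NOW' }
    '{0}: {1}' -f $state, $_.InputObject
}
```

A `<KEY MISSING>` line after the reboot identifies which of the three locations lost its GUID key, which narrows down what is reverting the change.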
Copyright 2024 Fortinet, Inc. All Rights Reserved.