Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hadisyed
New Contributor

FortiAuth Agent is not hitting after restarting the Windows Server 2012 R2

Hi Community,

 

I installed the fortiauth agent on windows server 2012 R2, after configuring the agent properly everything was working fine. But when we restarted the server the otp login screen is not showing. I uninstalled the agent and reinstalled it again on the server, it was working fine again. but again when i restarted the server, I am facing the same issue. AD users are directly authenticating through AD without asking OTP. 

Please share your expert opinion on this.

 

Regards,

 

Hafiz

1 REPLY 1
Jeremy_Browne_FTNT

Hi Hafiz,

 

I haven't seen previous reports of this behaviour, but if reproducible, it definitely sounds like something (some sort of registry protection feature in another software package? Strict GPOs?) is reverting some/all of the registry changes we make upon reboot. Just to confirm, are the logon prompts with OTP still an available option at the logon screen, with users bypassing it by choosing the built-in one without a token prompt, or is it gone altogether?

 

Assuming it's gone altogether:

Unless whatever is happening breaks it too, you can launch the FortiAuthenticator Agent configuration and look at the sections near the bottom labelled "FortiAuthenticator Agent Service" and "Credential Provider/GINA status". I'm expecting at least the "Credential Provider/GINA status" one to show something wrong, which would be a pretty good clue about the specific registry key(s) being reset. The buttons there permit toggling via the buttons, but don't restore everything that could be going wrong without a reinstall.

 

These registry paths are the likeliest culprits based on what you describe, but we set a few other things too:

HKEY_CLASSES_ROOT\CLSID

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters

We create keys under all of these - a GUID named "{f98ac68d-ae8e-47d8-ab82-f19bcb6328ab}" - I think they're disappearing.

 

Regards,

 

Jeremy

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors