Having an issue with my employees getting logged in.
Its only happening to random computers and everyday its someone else's.
Its even happened to me as an administrator.
We use Fortinet 2 factor authentication and have a Fortigate firewall.
The issue we are having, is that when an employee tries to log in, they get an error for "incorrect username or password".
I've tried changing passwords, removing the Fortitoken and user from the Fortiauthenticator and then re-adding them, and tried different users to log in. So it doesn't seam like its the user, but actually the PC.
We are currently using Fortiauthenticator v3.8
When we remove the Fortiauthenticator from the computer, the user is able to log in.
Right now its removed from about 20% of our company PC's just so we can have employees logged in and working.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are you using Fortigate or Fortiauthenticator for 2FA? What is FAC version?
So the issue is with my 2FA.
Our users have to sign in with:
Username, Password, and fortitoken 6 digit authentication (we use the keyfobs)
Version is 3.8
Hey zkonrad,
thanks for providing the details.
The Windows Agent writes log files you can consult to determine if the issue is with the user credentials for some reason, or the token code. You can find the logs in the installation directory (possibly one of the folders within the installation directory).
In addition, you can check logs on your FortiAuthenticator when the issue happens - there should be a web service/API log for the user login (the Agent checks user credentials via API against FAC), and probably another log for successful or failed token authentication.
Those should give you some idea if FortiAuthenticator randomly has issues with the token code (in which case resyncing the token could help) or with the actual user credentials (in which case there should be some further details as to why user credentials failed, such as unable to contact AD server or an error code)
Based on what you find in the logs, you can then focus your troubleshooting or reach out to the FortiAuthenticator team via a support ticket; Agent support is included in the FortiAuthenticator support.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.