Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JOSIAH_BOZIAH
New Contributor III

fabric connector not coming up Poll Active directory server does not add Users and Groups to list.

Poll Active directory server does not add Users and Groups to list. When I click Edit and I add users and groups, the Number changes to  from 0 to 3, meaning it added the users and groups. My active directory connector still shows down. see attached images. Not sure what i am missing. when i return to edit users and groups  shows 0 AD.JPGAD2.JPG

I have tried both domain account and local account for the server. Thanks

5 REPLIES 5
xshkurti
Staff
Staff

@JOSIAH_BOZIAH 

 

Could you please provide the output for following command

diagnose debug fsso-polling detail 1

 

 

 

JOSIAH_BOZIAH
New Contributor III

@xshkurti  

FORTIWIFi60E # diagnose debug fsso-polling detail 1
AD Server Status(err: server can not be accessible):
ID=1, name(10.76.12.15),ip=10.76.12.15,source(security),users(0)
port=auto username=sypheit.local\administrator
read log eof=0, latest logon timestamp: Wed Dec 31 19:00:00 1969

polling frequency: every 10 second(s) success(0), fail(376)
LDAP query: success(0), fail(0)
LDAP max group query period(seconds): 0
LDAP status: connected

Group Filter:

xshkurti
Staff
Staff

This error:

"AD Server Status(err: server can not be accessible)"

Seems the same as in this old post:

Poll Active Directory issue after installed the Wi... - Fortinet Community

 

Please to through all the pages on that post

 

 

JOSIAH_BOZIAH
New Contributor III

i am running FortiOs6.4.5 ..looks like i need to get to 6.4.7 for it to work....i am running windows eerver 2019, so i hope that its patched already...not sure what i need to fix...

Debbie_FTNT

Hey Josiah,

if your Windows Server 2019 is up to date, it should have the relevant patches in place; they were published about two years ago I believe. I would suggest upgrading your FortiGate to at least 6.4.7; we are up to version 6.4.14 in the 6.4 branch by now, and a number of vulnerabilities were patched in between.

After you've upgraded the FortiGate, double-check if the issue persists; if yes, you might want to consider a ticket with Fortinet Technical Support to dig into debugging the local poller and connection to AD more in-depth.

What can sometimes help is to change the format of the user you're trying to authenticate with:

Instead of "sypheit.local\administrator" try "administrator@sypheit.local" for example, or just "administrator", and see if that helps.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors