This article describes how the FSSO agentless polling on the AD server failed due to NT_STATUS_NETLOGON_NOT_STARTED error.
FortiGate FSSO agentless polling on the AD server.
When troubleshooting on FSSO agentless polling mode issue, the smbcd debug logs would show such connect error message :
smbcd: rpccli_eventlog_open:177 /code/FortiOS/fortinet/daemon/smbcd/smbcd_eventlog.c-177: connect err(NT_STATUS_NETLOGON_NOT_STARTED)
This problem can also be detected via packet capture from AD server response packet during SMB polling request :
Frame 63: 143 bytes on wire (1144 bits), 143 bytes captured (1144 bits)
Ethernet II, Src: VMware_a6:xx:xx (00:50:56:xx:xx:xx), Dst: Fortinet_09:xx:xx
Internet Protocol Version 4, Src: 172.16.1.8, Dst: 172.16.1.1
Transmission Control Protocol, Src Port: 445, Dst Port: 3903, Seq: 706, Ack: 1033, Len: 77
NetBIOS Session Service
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 1
NT Status: STATUS_NETLOGON_NOT_STARTED (0xc0000192)
Command: Session Setup (1)
Credits granted: 1
Flags: 0x00000011, Response, Priority
Chain Offset: 0x00000000
Message ID: 2
Process Id: 0x00000000
Tree Id: 0x00000000
Session Id: 0x00022448b8000019 Acct:Test Domain:SAMBA Host:FGT-FW
Signature: 00000000000000000000000000000000
[Response to: 62]
[Time from request: 0.001637000 seconds]
Session Setup Response (0x01)
[Preauth Hash: cfbb393f465298102d4290d789b3022757e482d4b62687d51f700427b362d9e9806f0170…]
StructureSize: 0x0009
0000 0000 0000 100. = Fixed Part Length: 4
.... .... .... ...1 = Dynamic Part: True
Session Flags: 0x0000
.... .... .... ...0 = Guest: False
.... .... .... ..0. = Null: False
.... .... .... .0.. = Encrypt: False
Blob Offset: 0x00000000
Blob Length: 0
Security Blob: <MISSING>: NO DATA
Check on the target Windows AD server and make sure the NETLOGON service is enabled.
Without the netlogon service enabled, the AD server cannot operate on the network, because it cannot log onto the network using the logon credentials.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.