➢ Identify which FSSO server is active.
In the FortiGate, go to Security Fabric / External Connectors, hover the mouse over the FSSO connector
and wait until it shows which FSSO server is active (highlighted in bold).
➢ Access that server and configure the FSSO Agent logging level to debug as follows:
➢ Obtain the following information from the affected user's PC.
On the user's PC, open a command prompt, run the following commands and provide us with all outputs:
echo %logonserver%
echo %username%
hostname
ipconfig /all
net use
whoami /groups
time /T
date /T
route print
➢ echo %logonserver% displays the name of the server the user logged on to; you must identify it.
➢ nslookup <ServerName> can help to find that server's IP address.
➢ Access that AD server using RDP and open Event Viewer / Windows Logs / Security, then make sure the “Event ID” and
“Task Category” columns are completely visible:
➢ 1. Refresh Logons, 2. Find… for username, 3. Find Next until, 4. Seek last logon event; take note of the date and time:
➢ Go to the user's PC, lock and unlock the Windows session (Windows+L) to generate a new logon event; once unlocked,
ensure echo %logonserver% still shows the same server.
➢ Go to the AD server and repeat the procedure to find the last logon event, and check whether there is a newer event; take note
of the Event ID and time. If there isn't any new logon, there is a problem between the Windows PC and the Windows
Server.
➢ If there is a new logon event, go to the FSSO server (identified in the first step), open the FSSO Collector Agent, and
check the user's status; take note of the Workstation, IP and groups.
➢ If you can't find any entry for that user, download and provide us with the Logon Event File:
➢ Provide the following FSSO configuration screenshots (click on each button).
➢ Identify the user account used to run the Fortinet Single Sign On process.
➢ Check that user account's permissions; it must belong to the Administrators and/or Domain Admins groups:
➢ Windows Firewall and Security suites.
…Pending…
FSSO-DC_Agent-> FSSO-Agent_Collector 8002 UDP
FSSO-Agent_Collector -> FortiGate 8000 TCP
Notes.
DNS updates
Ports.
8002/UDP
8000/TCP
445/TCP
Password must not contain special characters
Status not verified
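
The Event Viewer steps above (find the user's last logon event on the AD server, lock and unlock the PC, then look for a newer event) can also be done from PowerShell. The script below is an added example, not part of the original procedure or of Fortinet's tooling. Assumptions: it is run elevated on the logon server, and it looks for event IDs 4624, 4768 and 4769, which are standard Windows audit IDs chosen for this example because the procedure does not name the IDs.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell
# session on the AD server reported by: echo %logonserver%
# Assumption: event IDs 4624 (logon), 4768 (Kerberos TGT request) and
# 4769 (Kerberos service ticket) are standard Windows audit IDs chosen here;
# the page does not say which IDs to look for.
param(
    [Parameter(Mandatory)] [string] $UserName,        # from: echo %username%
    [datetime] $Since     = (Get-Date).AddHours(-1),  # start of search window
    [int]      $MaxEvents = 5
)

$filter = @{ LogName = 'Security'; Id = 4624, 4768, 4769; StartTime = $Since }

$logons = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten <EventData><Data Name="...">value</Data> into a lookup table.
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            EventId     = $_.Id
            User        = $fields['TargetUserName']
            SourceIP    = $fields['IpAddress']
            Workstation = $fields['WorkstationName']   # only present on 4624
        }
    } |
    # 4769 records the account as user@REALM, so compare the part before '@'.
    Where-Object { $_.User -and ($_.User -split '@')[0] -eq $UserName } |
    Sort-Object TimeCreated -Descending |
    Select-Object -First $MaxEvents

if ($logons) {
    # Compare TimeCreated with the lock/unlock time, and SourceIP with ipconfig /all.
    $logons | Format-Table -AutoSize
} else {
    # Matches the procedure: no new event points to a PC <-> Windows Server problem.
    Write-Warning "No logon event for '$UserName' since $Since on $env:COMPUTERNAME."
}
```

Run it once before and once after the lock/unlock step; a newer TimeCreated in the second run is the new logon event whose Event ID and time the procedure asks you to note.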