8 Troubleshoot FSSO Collector Issues Really, Really Long!

Рет қаралды 14,832

Күн бұрын

So painful! In this video, everything broke when I did updates on my Domain Controller and rebooted. See me struggle through troubleshooting FSSO Collector and Workstation verification issues.

Пікірлер: 21

@systeemsysteem0623 4 жыл бұрын

i am so thankful for this video, because i've set my fsso up with help from fortinet and one month after started having problems. SO this video shows that i'm not alone

@crystianozorio7380 6 ай бұрын

Nice videos. I have a question I have FSSO and fortiproxy, but my users (not all) lo sé network conection I need to run flush DNS, restart or leave and enter to domain again the computers to have network conection again do you think is a DNS problem?

@tomato524308 Жыл бұрын

Thanks a ton... It helped me at 10:17... Thank you so much!!

@tusharnaik4710 5 жыл бұрын

Very very useful video

@Philb666666 Жыл бұрын

hi - thanks - I need to block admin accounts(internet access . but what im finding is that IT users who are logged on to their tablet with their user account - are having their entire tablet browsers blocked to the internet as they run some things as admin on their tablet - how can i resolve this please - when i look at the agent sure enough the IP of tablet is mapped in as their admin account. despite being logged on to windows as just user

@malabarism546 3 жыл бұрын

thanks a lot for this vidéo, it helped us a lot :)

@LuisRamirez-qd2gy 6 жыл бұрын

Maybe de problem (idk), is that you Allow the "Windows Management Instrumentation (WMI)”, only on Support-PC, and Sally's or Paul's you did not. Could Try.

@lordking55 4 жыл бұрын

That is really a good video . i have a problem , sometimes a computer has an ip in the dc agent which is not the real ip in that time , so there is no internet access in that machine unless i manually assign the cashed ip address in the dc agent to that machine , and internet can be accessed now , how to resolve that problem in another way and why does it happens ? and why i cannot remove a single chashed line for a machine in the dc agent , while the available is to clear all users cash and that is not good options ? accept my regards and waiting your generous reply

@DevinAdams 4 жыл бұрын

Unfortunately I do not have my test lab anymore (I am no longer a Fortinet instructor) but I do know that when people log into the domain, The computers fully qualified domain name gets listed. It is still the collector's agent that does the DNS lookups for the IP addresses. There are timers on that collector agent too that you can tweak If you feel like you need to be more aggressive with your IP addresses. I wish I could lab it up and try it out for you sir! But that is my first guess. Also don't be shy to contact their technical assistance if you have a support contract. They can probably help you figure out why it's not working.

@lordking55 4 жыл бұрын

@@DevinAdams Thank you sir , i will try tweaking some settings and test again , and will contact their support maybe .

@SoulJah876 5 жыл бұрын

Hmm but if you don't have your admin credentials collected then how would you create specific user access control policies for admins?

@DevinAdams 5 жыл бұрын

You would have to go through your System Admins! :-) This has been brought up several times in class. It falls into the idea of separation of duties. If you have one person controlling the group permissions in Windows AD, it is technically more secure than having a single Admin doing everything. Now if you didn't have the Admin rights to do this in AD, there is nothing you can do unfortunately. :-(

@rodolfoluft6890 3 жыл бұрын

Hello Devin. I watched this video due to a problem with FSSO when clients move through vlans. IP changes and it seems DNS doesn't take updates, sothe users are no more recognized and browse internet with guest profile. I hoped to find something in this video, but unfortunately not , and the troubleshooting seems to be not fully completed. Do you know why or how the problem happens? Thx in advance.

@usamasafdar6053 2 жыл бұрын

Hey Rodolfo, I am facing same issue. Did you find something out ?

@punitdubey3849 2 жыл бұрын

I am facing same issue. Did you find something out ?

@tusharnaik4710 4 жыл бұрын

Hi Davin, I have seen some cases like user login to the computer but they are not reflecting in windows server FSSO collector (show logon).i checked event viewer status was logon. DC agent mode issue but when i change mode to polling mode user started reflecting..what steps we can perform any hits ?

@DevinAdams 4 жыл бұрын

Sounds like it's a local firewall between the DC agents and The collector or The collector and the fortigate. Try turning off Windows firewall and see if it doesn't fix the issue. If it does you know you'll need to punch some holes in the local Windows firewall. Can't remember what ports off the top of my head but it is on the configuration application of The collector agent. Good luck!

@tusharnaik4710 4 жыл бұрын

@@DevinAdams I have already allow 8000 and 8002 port open .when i enable polling mode i can see more user but if DC agent no user

@DevinAdams 4 жыл бұрын

@@tusharnaik4710 it could be a user monitor selection? I'm not too sure without seeing it. Did you reboot the domain controllers? That's another thing that has to happen.