SUMMERCOKE77

Fortigate 5.2.4 FSSO Cannot Authenticate and User Name Not shown in Traffic Log

Dear All,

My environment
Fortigate 100D v5.2.4,build688 (GA)
Active-Passive HA Cluster
Windows 2012 R2 Standard AD Server

I am setting up a test policy that requires FSSO AD authentication.

I have done the following successfully:

1) User & Device->Authentication->LDAP Server created successfully and the test was successful
2) User & Device->Authentication->Single Sign-On created successfully with AD "Domain Users" user group specified, with status connected.
3) FSSO using DC-Agent is installed and working successfully on my DC; I can see in the service status that the firewall is connected.
4) In the FSSO agent on the DC I can see the group filter reflecting the single-sign-on filter specified in 2)
5) Agent AD access mode: standard

Verified from CLI

[FORTIGATE] # diag deb auth fsso server-status
[FORTIGATE] #
Server Name                       Connection Status     Version
-----------                       -----------------     -------
FORTINET_AGENT1                      connected             FSSO 5.0.0241

But when I do the following:

[FORTIGATE]  # diag deb auth fsso list
----FSSO logons----
Total number of logons listed: 0, filtered: 0
----end of FSSO logons----

It seems to me that the FSSO agent is not working successfully.

I verified the data of the logged-on users in the FSSO agent.
I can retrieve a list of AD users that are logged on in my environment.
I can see the firewall is connected in the agent installed on the DC under "Show Service Status",
but when I click "Get NTLM statistic" all readings are 0 ... (see attached picture)

Following is the log I extracted from my DC with the agent installed
=========================================================================================
01/15/2016 00:02:38 [ 1940] Fortinet Single Sign On Agent version 5.0.0241 starts ...
01/15/2016 00:02:39 [ 1940] error prase file header:C:\Program Files (x86)\Fortinet\FSAE\TSAgentSyncID.dat
01/15/2016 00:02:48 [ 5376] FortiGate:[FIREWALL_S/N] connected on socket (1496).
01/15/2016 00:02:48 [ 5376] group filter received from FortiGate: len:66
01/15/2016 00:02:48 [ 5376]       CN=ITD,CN=Users,DC=[DOMAIN_NAME]
01/15/2016 08:27:14 [ 7636] dump NTLM statistics...
01/15/2016 08:27:14 [ 7636] NTLM message received:0
01/15/2016 08:27:14 [ 7636] NTLM message received(type1):0
01/15/2016 08:27:14 [ 7636] NTLM message received(type3):0
01/15/2016 08:27:14 [ 7636] NTLM message processed:0
01/15/2016 08:27:14 [ 7636] NTLM message processed(type1):0
01/15/2016 08:27:14 [ 7636] NTLM message processed(type3):0
01/15/2016 08:27:14 [ 7636] NTLM message in queue:0
01/15/2016 08:27:14 [ 7636] NTLM request auth OK:0
01/15/2016 08:27:14 [ 7636] NTLM request auth OK, no group:0
01/15/2016 08:27:14 [ 7636] NTLM request auth Failed:0
01/15/2016 08:27:14 [ 7636] NTLM request max process time:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 0 and 1 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 1 and 2 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 2 and 3 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 3 and 4 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 4 and 5 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 5 and 6 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 6 and 7 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 7 and 8 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 8 and 9 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM requests takes between 9 and 10 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM request takes >10 seconds to process:0
01/15/2016 08:27:14 [ 7636] NTLM request count:0
01/15/2016 08:27:17 [ 7636] dump NTLM statistics...
01/15/2016 08:27:17 [ 7636] NTLM message received:0
01/15/2016 08:27:17 [ 7636] NTLM message received(type1):0
01/15/2016 08:27:17 [ 7636] NTLM message received(type3):0
01/15/2016 08:27:17 [ 7636] NTLM message processed:0
01/15/2016 08:27:17 [ 7636] NTLM message processed(type1):0
01/15/2016 08:27:17 [ 7636] NTLM message processed(type3):0
01/15/2016 08:27:17 [ 7636] NTLM message in queue:0
01/15/2016 08:27:17 [ 7636] NTLM request auth OK:0
01/15/2016 08:27:17 [ 7636] NTLM request auth OK, no group:0
01/15/2016 08:27:17 [ 7636] NTLM request auth Failed:0
01/15/2016 08:27:17 [ 7636] NTLM request max process time:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 0 and 1 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 1 and 2 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 2 and 3 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 3 and 4 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 4 and 5 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 5 and 6 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 6 and 7 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 7 and 8 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 8 and 9 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM requests takes between 9 and 10 seconds to process:0
01/15/2016 08:27:17 [ 7636] NTLM request takes >10 seconds to process:0

What went wrong here?

Any pointers?
NTLM.png
ServiceStatus.png
GroupFilter.png
AD-Access-Mode.png
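
An added example (not part of the original post and not Fortinet tooling): a small parser for the DC-agent log format quoted above that extracts the group-filter DNs the agent received from the FortiGate and the latest NTLM counters, so the received filter can be compared with the group configured in the Single Sign-On entry. The sample log is constructed with placeholder values, and `summarize` and `filter_covers` are hypothetical names.

```python
import re

# Constructed sample in the agent-log format shown in the post (placeholder values).
SAMPLE_LOG = """\
01/15/2016 00:02:48 [ 5376] FortiGate:[FIREWALL_S/N] connected on socket (1496).
01/15/2016 00:02:48 [ 5376] group filter received from FortiGate: len:66
01/15/2016 00:02:48 [ 5376]       CN=ITD,CN=Users,DC=example,DC=local
01/15/2016 08:27:14 [ 7636] dump NTLM statistics...
01/15/2016 08:27:14 [ 7636] NTLM message received:0
01/15/2016 08:27:14 [ 7636] NTLM request auth OK:0
01/15/2016 08:27:14 [ 7636] NTLM request auth Failed:0
"""

# "MM/DD/YYYY HH:MM:SS [ thread] message"
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \[\s*(\d+)\] (.*)$")
COUNTER_RE = re.compile(r"^(NTLM .+):(\d+)$")
DN_RE = re.compile(r"^\s*[A-Za-z]+=")  # a DN line starts with an attribute such as CN=


def summarize(log_text):
    """Return (group-filter DNs received from the FortiGate, latest NTLM counters)."""
    filters, counters, in_filter = [], {}, False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip separators and anything not in the agent's line format
        msg = m.group(3)
        if msg.startswith("group filter received from FortiGate"):
            in_filter = True
            continue
        if in_filter and DN_RE.match(msg):
            filters.append(msg.strip())  # DN lines follow the filter header
            continue
        in_filter = False
        c = COUNTER_RE.match(msg)
        if c:
            counters[c.group(1)] = int(c.group(2))  # later dumps overwrite earlier ones
    return filters, counters


def filter_covers(filters, group_cn):
    """True if any received DN has group_cn as its leading CN (case-insensitive)."""
    want = "cn=" + group_cn.lower()
    return any(dn.lower().split(",")[0] == want for dn in filters)


if __name__ == "__main__":
    dns, ntlm = summarize(SAMPLE_LOG)
    print("filter DNs:", dns)
    print("covers 'Domain Users':", filter_covers(dns, "Domain Users"))
    print("NTLM counters all zero:", all(v == 0 for v in ntlm.values()))
```
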
ASKER CERTIFIED SOLUTION
SUMMERCOKE77

Ylann Jourdren

You rock, helped me.

Thanks!