Hot!FSAE collectoragent.exe DCOM errors Event ID 10028

Author
Frosty
Gold Member
  • Total Posts : 175
  • Scores: 11
  • Reward points: 0
  • Joined: 2010/11/03 15:53:40
  • Status: offline
2019/04/02 17:36:08 (permalink)
0

FSAE collectoragent.exe DCOM errors Event ID 10028

We've been running FSAE/FSSO collector agents on our DCs for some time and everything seems to be working just fine in terms of user authentication in the firewall.
But I have noticed DCOM errors in the Event Log on the main DC, such as the following:
 
Event ID = 10028
Source = DistributedCOM
Message = DCOM was unable to communicate with the computer 10.20.30.40 using any of the configured protocols; requested by PID 999 (C:\Program Files (x86)\Fortinet\FSAE\collectoragent.exe).
 
Investigations of the IP Addresses reported show that these errors occur in 2 specific scenarios:
(1)  when one of our Fuji Xerox printers is used by a staff member to Scan a document which is saved to an SMB File Share on a server (there is a domain user account used by the printer to authenticate access to the share); or
(2)  when our Barracuda Message Archiver checks user mailboxes in Exchange to synchronise the list of mailbox folders (this runs under a specific domain user account each evening)
 
I have tried excluding the 2 x domain user accounts used by those processes, so that the collector 'ignores' them.  This has NOT fixed the Event Log errors.
 
Q.  is there any way to tell the Collector to ignore specific IP Addresses on the network?  (there is no point it trying a DCOM connection to the BMA or to a Printer).
post edited by Frosty - 2019/04/04 14:09:55
#1

4 Replies Related Threads

    Alivo_ FTNT
    Silver Member
    • Total Posts : 71
    • Scores: 22
    • Reward points: 0
    • Joined: 2013/04/30 12:42:47
    • Location: Fortinet TAC Prague
    • Status: offline
    Re: FSAE collectoragent.exe DCOM errors Event ID 14554 2019/04/04 01:58:50 (permalink)
    5 (1)
    Hello Frosty,
     
    What should work is editing Windows AD registry with specific IP (not range) :
     
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent  > dc_agent_ignore_ip_list
    > modify > Value Data: 10.20.30.40;
    Multiple values separated by semicolon.
     
    P.S. wanted to add picture but it fails
    Alivo
    #2
    Alivo_ FTNT
    Silver Member
    • Total Posts : 71
    • Scores: 22
    • Reward points: 0
    • Joined: 2013/04/30 12:42:47
    • Location: Fortinet TAC Prague
    • Status: offline
    Re: FSAE collectoragent.exe DCOM errors Event ID 14554 2019/04/04 02:03:18 (permalink)
    5 (1)
    screenshot

    Attached Image(s)

    #3
    Frosty
    Gold Member
    • Total Posts : 175
    • Scores: 11
    • Reward points: 0
    • Joined: 2010/11/03 15:53:40
    • Status: offline
    Re: FSAE collectoragent.exe DCOM errors Event ID 14554 2019/04/04 14:02:56 (permalink)
    0
    Hey!  Thanks so much Alivo!
    I tried this registry setting on the main DC a few minutes ago, then kicked off one of the synchronisation jobs on the Barracuda Message Archiver.  So far, so good, no new DCOM errors reported.
    I'll know for sure tonight when the main sync tasks run.
    Cheers,
    Frosty
     
    EDIT: there is an error in my original post; Event ID = 10028 (not 14554)
    post edited by Frosty - 2019/04/04 14:09:30
    #4
    Frosty
    Gold Member
    • Total Posts : 175
    • Scores: 11
    • Reward points: 0
    • Joined: 2010/11/03 15:53:40
    • Status: offline
    Re: FSAE collectoragent.exe DCOM errors Event ID 14554 2019/04/07 22:52:17 (permalink)
    0
    Can now confirm, this indeed fixed my DCOM error issues; none reported since applying the registry setting 'fix'.
    #5
    Jump to:
    © 2019 APG vNext Commercial Version 5.5