No connection after login -> need reboot

Author
Eleguardini
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/09/21 03:06:25
  • Status: offline
2019/09/21 12:50:16 (permalink)
0

No connection after login -> need reboot

Hi to everybody,
hoping to have chosen the right group, here's my problem:
one week ago one of my clients started complaining about the fact that, after they log in to the PC, there isn't any connection; the PC is able to ping other clients inside the LAN (so apparently an IP was given) but not outside. They tried rebooting the PC one to three times and, at that point, the connection began to work again (as far as I know some of them use the "clean boot" method; the clients are Windows 10/7). The FortiGate has the LDAP server configured, with an FSSO Agent installed on each DC (there are 2), and I've uploaded the configuration (with the sensitive information removed).
Has anyone experienced such an issue?
Thank you in advance for your help.
Eleonora
#1
xsilver
Expert Member
  • Total Posts : 444
  • Scores: 99
  • Reward points: 0
  • Joined: 2015/02/02 03:22:58
  • Location: EMEA
  • Status: offline
Re: No connection after login -> need reboot 2019/09/23 02:29:02 (permalink)
0
Hi,
from the attached config it seems that you are using the NetAPI polling method only.
The Collector will listen to DC/TS Agents, but there is not a single agent seen in the config; not sure if that is due to config sanitation before posting or because there is no agent installed on any DC.

NetAPI polling is a somewhat old method, and if you do not poll in time then logon loss might happen.

Therefore, if your domain consists of Windows 2008 DCs or newer, I would strongly recommend switching to WinSec polling, or even to the WinSec+WMI polling method. Those methods do not lose logons; if there are too many logons in the WinSec log the collector might get slightly behind the rate of logons, but it will never lose a logon, just delay its processing.
Poll all the DCs for the respective domain, with the RODC exemption.

If you do use DCAgents and they were just removed from the presented config, then make sure you have agents installed on all DCs as well, as a workstation might choose a different logon server than the one you are reading data from, and then you might not see the logon.
Successful logon auditing needs to be set across the whole domain, via GPO, and applied on all domain DCs.

Then you should spot logon events, not miss any, and process them in time.
As a result you should have the user logon list populated on the Collector.
And such logons are pushed to the connected FortiGates according to the Group Filters set (and I would highly recommend setting filters either from the Collector side or from the FortiGate side [that's what LDAP is used for in the FSSO Agent setup]).

Kind Regards,
Tomas
#2
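As an added example (not from either poster, and not Fortinet's own tooling), this PowerShell script checks the two preconditions the reply describes on every writable DC: that the effective audit policy records successful logons, and that logon events are actually landing in the Security log the WinSec polling method reads. It assumes the ActiveDirectory RSAT module and WinRM access to the DCs; the one-hour lookback window is an assumption.

```powershell
# Added example, not part of the thread: audit-policy and logon-event check per DC.
# Assumes the ActiveDirectory module (RSAT) and WinRM (Invoke-Command) access to each DC.
Import-Module ActiveDirectory

$lookback = (Get-Date).AddHours(-1)   # assumption: one hour of logons is enough to judge

# RODCs are excluded, matching the advice to poll all DCs with the RODC exemption.
$dcs = Get-ADDomainController -Filter * | Where-Object { -not $_.IsReadOnly }

$results = foreach ($dc in $dcs) {
    Invoke-Command -ComputerName $dc.HostName -ArgumentList $lookback -ScriptBlock {
        param($since)
        # auditpol reports the effective setting (GPO or local) for the Logon subcategory.
        $policy  = auditpol.exe /get /subcategory:"Logon" /r | ConvertFrom-Csv
        $setting = $policy.'Inclusion Setting'

        # Count successful logon events (4624) written since $since.
        # Get-WinEvent throws when nothing matches, so treat that as zero.
        try {
            $count = @(Get-WinEvent -FilterHashtable @{
                LogName = 'Security'; Id = 4624; StartTime = $since
            } -ErrorAction Stop).Count
        } catch {
            $count = 0
        }

        [pscustomobject]@{
            DC           = $env:COMPUTERNAME
            LogonAudit   = $setting
            SuccessAudit = ($setting -match 'Success')
            Logons1h     = $count
        }
    }
}

$results | Format-Table DC, LogonAudit, SuccessAudit, Logons1h -AutoSize

# A DC with SuccessAudit = False, or with zero logons while users are signing in,
# is one the Collector cannot learn logons from; users authenticating against it
# will not appear in the Collector's logon list or be pushed to the FortiGate.
```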