Re: FSSO, DC Agent and Collectors user logon timeout
Collector agent process logons with some internal logic before they will make it to user list, and maybe to connected FortiGate.
1. make sure that workstation is connected to DC (echo %logonserver%) and that this DC is monitored by your DCAgent (as you mentioned Agent mode)
2. make sure the DCAgent does report to your Collector, either from config/registry of DCAgent or check end of exported config from Collector, as if DCAgent is hooked OK it should be listed there
3. make sure that IP/hostname of your workstation is correctly in DNS, as if it will be impossible to resolve hostname from logon event to IP, that event will be discarded => no user list record
4. make sure Collector is able to resolve group membership of spotted users
5. if Collector is set with Group Filter, then make sure user in event does belong to at least one of configured groups in filter. Groups Filters govern which users from global user list on Collector will be sent, according to filter and group membership, to which destination FortiGate (or any connected FortiGate if Global filter is used). If there will be no destination (group filter record) where to send such logon (user's group membership is not used anywhere in filters), then processing of such logon will be terminated as it would be useless.
If user logon makes it so far, then it is in user list on Collector.
If it matches any of the set Group Filters, then this logon is sent to matching FortiGate according to Filters.