FSSO missing user logon events in DC agent mode - "Too much request in the queue" | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB
Fuse
- Fuse Fortinet User Community

Mark Thread UnreadFlat Reading Mode ❐

Hot!FSSO missing user logon events in DC agent mode - "Too much request in the queue"

Author Post Essentials Only Full Version
James_G Gold Member Total Posts : 264 Scores: 15 Reward points: 0 Joined: 2016/02/28 02:55:47 Status: offline 2021/02/25 09:54:06 (permalink) 0 FSSO missing user logon events in DC agent mode - "Too much request in the queue" Hi all - have FSSO in DC agent mode missing logon events and producing the following error in the dcagentlog (when logging enabled). I have a call open with support, but expect the forums could beat them to the fix the speed they are returning to my issues at the moment. Anyone with any ideas? 02/25/2021 17:31:51.428: processing Logon (level=1, logonid=0-0) WINCHNT\jgXXX (James XXX) from DESKTOP-WCCJB7E Domain:WINCHNT DNS suffix added:XXX.uk. Too much request in the queue, discard this logon event, domain:WINCHNT, workstation:DESKTOP-WCCJB7E, user:jgXXX, request in queue:100001 02/25/2021 17:31:51.428: finish processing. post edited by James_G - 2021/02/25 09:55:20 #1 6 Replies Related Threads
Philippe Gagne Bronze Member Total Posts : 55 Scores: 6 Reward points: 0 Joined: 2015/06/25 17:55:25 Location: Trois-Rivieres Status: offline Re: FSSO missing user logon events in DC agent mode - "Too much request in the queue" 2021/02/25 10:02:55 (permalink) 0 Hi, How the configuration is done in your Fortigate? Poll Active Directory or Full Collector? I already saw some installation where Polling was not fast enough to process all requests. The most stable configuration is: DC Agent installed on all Active Directory Domain Controllers Collector on one or two servers or AD, two is only for redundancy purpose FSSO Agent on Windows AD configured in the Fortigate (External Connectors). With this configuration, I saw more than 800 computers in less than 15 minutes loging on the domain. I hope it helps! :-) Regards, Philippe #2
James_G Gold Member Total Posts : 264 Scores: 15 Reward points: 0 Joined: 2016/02/28 02:55:47 Status: offline Re: FSSO missing user logon events in DC agent mode - "Too much request in the queue" 2021/02/25 10:07:23 (permalink) 0 I am running full DC agent and collector on each domain controller, but seems that cannot keep up. #3
Philippe Gagne Bronze Member Total Posts : 55 Scores: 6 Reward points: 0 Joined: 2015/06/25 17:55:25 Location: Trois-Rivieres Status: offline Re: FSSO missing user logon events in DC agent mode - "Too much request in the queue" 2021/02/25 10:10:01 (permalink) 0 User group source? Local or Collector Agent in the Fortigate. In the collector: standard or advanced? #4
James_G Gold Member Total Posts : 264 Scores: 15 Reward points: 0 Joined: 2016/02/28 02:55:47 Status: offline Re: FSSO missing user logon events in DC agent mode - "Too much request in the queue" 2021/02/25 10:18:52 (permalink) 0 User group source? Local or Collector Agent in the Fortigate. --> tried both, still fails In the collector: standard or advanced? --> tried both, still fails #5
Philippe Gagne Bronze Member Total Posts : 55 Scores: 6 Reward points: 0 Joined: 2015/06/25 17:55:25 Location: Trois-Rivieres Status: offline Re: FSSO missing user logon events in DC agent mode - "Too much request in the queue" 2021/02/26 13:46:40 (permalink) 0 Hi James, Did you find a solution? Is the collector runs as a Domain user that can read Security Event Log? And where the collector is installed? Regards #6
James_G Gold Member Total Posts : 264 Scores: 15 Reward points: 0 Joined: 2016/02/28 02:55:47 Status: offline Re: FSSO missing user logon events in DC agent mode - "Too much request in the queue" 2021/02/27 02:01:09 (permalink) 5 (1) Set "donot_resolve = 1" in the registry key of the FSSO DC agent It can happen when the DC agent cannot resolve DNS names. Can I ask you please to follow this KB and disable DNS name lookup on DC Agent: https://kb.fortinet.com/k....do?externalID=FD37705 #7

Jump to:

© 2021 APG vNext Commercial Version 5.5