Poll Active Directory issue after installed the Windows Server update KB5004948

clicerioneto
2021/07/13 07:57:07

Hi,
 
After applying Windows cumulative update KB5004948 in my environment, Poll Active Directory is showing the following error:

# diagnose debug fsso-polling detail 1
AD Server Status(err: server can not be accessible):
 
The Fortigate is running with FortiOS 6.2.9.
 
I have opened a ticket with Fortinet support, but I haven't yet received a reply about a solution to fix this issue.
 
Does anyone have this same issue or a solution for it?
#1


    Donnei Tsai
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/18 23:06:14
    We also have the same issue, but it is still not resolved. We will call Fortinet Support to help check.
    #2
    bbilut
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/19 06:37:24
    Same issue here.
     
    When I look at my domain controller security logs, it looks like the login ID is not being reported. It just says NULL SID where the userID should be. Like I said, the problem started after applying the July patches to my DCs.
    #3
    eti_andrei
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/19 06:41:02
    This was fixed in the latest FortiAuthenticator release, so hopefully the same fix will be coming to FortiOS shortly.
    #4
    bbilut
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/19 06:48:54
    Seems like a Microsoft issue to me.
     
    When I look at the event logs on the domain controller, the 4624 events show "NULL SID" as the user now. So FSSO can't really get the info it needs. That's at least what I'm seeing.
    #5
    bbilut
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/19 10:03:01
    After reading this article about changes MS made in the June patch, I figured out my issue:
    https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5003637-update-may-block-remote-access-to-event-logs/
     
    I had to patch my FSSO server up to July patch level for it to be able to read remote event logs from my 3 domain controllers which were also at the July patch level.
    #6
    clicerioneto
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/19 10:24:11
    I have updated the Windows 2016 servers with the latest patch - 2021-07 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5004238), but the issue is not solved.
     
    I'm waiting on Fortinet support for a solution.
    #7
    bbilut
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/19 11:51:02
    Are both your DCs and your FSSO server(s) patched to the July level?
    #8
    clicerioneto
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/19 13:25:18
    I don't use the FSSO agent. I only use the Poll Active Directory configuration (agentless). The communication is just between the DC and the FortiGate. My DCs have the latest patch.
    #9
    bbilut
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/19 14:06:41
    Since Microsoft hardened the process for how remote event logs are viewed and you're doing an agentless config, I think you only have two options: set up the FSSO collector agent on a Windows Server with the June or higher patch, or wait for Fortinet to update FortiOS with a fix for Microsoft's changes. Who knows when that will be.
    #10
    Donnei Tsai
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/19 18:29:58
    Hi, can you share which Fortinet product has fixed this issue? Are there any documents? Thanks
    #11
    Donnei Tsai
    Re: Poll Active Directory issue after installed the Windows Server update KB5004948 2021/07/20 23:39:08
    Fortinet support told us that this is a known issue, and the bug ID for it is 725056.
    It is now under research and a fix is being developed. FYI
    #12