Description
This article explains a manual process to synchronize two FSAE Collector Agents situated on different Domain Controllers.
Scope
All FortiGate and FSAE users.
Solution
This manual process can be used during a FSAE installation when the standard installation fails on a remote Domain Collector. This installation failure can be identified by the question mark ("?") being displayed on the "Select Domain Controller" tab after trying to synchronize with this server.
In this example, an FSAE Collector Agent and Domain Controller are installed on "server 1" and also on "server 2". It is equivalent to using the command from the FSAE menu 'sync configuration with others agents' but may suceed where synchronization following the use of the command has failed.
1. Install the FSAE Collector Agent and Domain Controller on "server 1".
2. Perform a full installation of the FSAE Collector Agent and Domain Controller on "server 2".
3. Manually configure the FSAE registry on "server 1" and "server 2".
On "server 1" use the Registry Editor and search for the key HKEY_LOCAL_MACHINE/SOFTWARE/Fortinet/FSAE/dcagent/ca. In the right windows, you have an entry on servidor1 (IP address and port number for the communication 8002). Right click to add an entry as DWORD value.
Configure the IP address of "server 2", double click on the entry to modify the data as hexadecimal 00001f42. If the default value is not used then the correct port number must be set.
Repeat the same steps on "server 2", add a new registry entry point to "server 1".
On "server 1", find the registry key HKEY_LOCAL_MACHINE/SOFTWARE/Fortinet/FSAE/collectoragent and right click on the key to export it and import it into "server 2".
After completing these steps check whether "server 1" can now correctly monitor "server 2". A tick mark should be displayed on the "Select Domain Controller" tab.