Created on 09-27-2012 08:07 AM Edited on 05-26-2022 12:04 PM By Anonymous
Description
This article describes how to fix a start failure after a configuration change on the Collector Agent lead.
Fortinet Single Sign On Agent Service (Fortinet_FSAE) is not running.
Start it by using Services Control Manager and try again.
The configuration window shows in the upper right:
Collector Agent Status: 'NOT RUNNING'.
Solution
Windows could not start the Fortinet Single Sign On Agent Service service on Local Computer.Error 1069: The service did not start due to a logon failure.
The error indicates the user does not have the required privileges to start a service.
This have changed since the last time this user was able to start the service.
Crosscheck the password for the user.A test can be also to change the 'Log on as' option temporarily of the Local System account and try to start the service again. If this succeeds the service account in use has a restriction or credential issue and needs to be checked.
Right click the Fortinet Single Sign On Agent Service, select Properties then navigate to the Log On tab.Note the account used to start the FSSO service:
The user service_acct needs the service startup permission.
During installation the Collector Agent requested an account to run its service under.
Either that is a local system account or a separate account to run that specific service.
On a domain controller that manages domain users, open the Group Policy Management Console gpmc.msc.
Expand the Forest, domain and group policy objects.
Choose the assigned Group Policy Object (GPO) then right click to 'Edit '.
Then expand the policy editor to
Computer Configuration -> Policies -> Windows settings -> Security settings -> Local Policies -> User Rights Assignment.Find 'Log on as a service' from the policy list.Right click to open the properties page.
Add the user service_acct to the security policy setting.Close the group policy management windows.Open a Microsoft Windows command prompt and execute the command gpudate /force to update the group policy configuration.Go back to the Windows services services.msc then start the Fortinet Single Sign On Agent Service.The Collector Agent Status should now show as running:
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.