FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Markus_M
Staff
Article Id 191605

Description
This article describes how to fix a start failure of the Collector Agent service after a configuration change, which leads to the following message:

 
 
Fortinet Single Sign On Agent Service (Fortinet_FSAE) is not running.
Start it by using Services Control Manager and try again.
The configuration window shows in the upper right:
Collector Agent Status: 'NOT RUNNING'.


Solution

Open the services console by running services.msc and find the Fortinet Single Sign On Agent Service in the list of service names.
Right-click the service name, then choose 'Start'.
The following error may pop up:
 
 
 
 
Windows could not start the Fortinet Single Sign On Agent Service service on Local Computer.
Error 1069: The service did not start due to a logon failure.

The error indicates that the user does not have the required privileges to start a service.
This has changed since the last time this user was able to start the service.
Crosscheck the password for the user.
As a test, temporarily change the 'Log on as' option to the Local System account and try to start the service again. If this succeeds, the service account in use has a restriction or credential issue and needs to be checked.

Right-click the Fortinet Single Sign On Agent Service, select Properties, then navigate to the Log On tab.
Note the account used to start the FSSO service:
 
 

The user service_acct needs the service startup permission.
During installation, the Collector Agent requested an account to run its service under.
That is either the Local System account or a separate account used to run that specific service.

On a domain controller that manages domain users, open the Group Policy Management Console (gpmc.msc).
Expand the forest, domain and Group Policy Objects.
Choose the assigned Group Policy Object (GPO), then right-click and select 'Edit'.


 
Then expand the policy editor to:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.
Find 'Log on as a service' in the policy list.
Right-click it to open the properties page.

 
 
Add the user service_acct to the security policy setting.
 
 

 
 
Close the Group Policy Management windows.
Open a Microsoft Windows command prompt and execute the command gpupdate /force to update the group policy configuration.
 
 
 
 
Go back to the Windows services console (services.msc), then start the Fortinet Single Sign On Agent Service.
The Collector Agent Status should now show as running.
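
The same check can be scripted to confirm the diagnosis before the GPO change and to verify the result after gpupdate. The following PowerShell is an added example, not part of the original article or of Fortinet tooling; it assumes an elevated session on the Collector Agent host, uses the service name Fortinet_FSAE from the error text above, and the function name Test-FssoLogonRight is hypothetical.

```powershell
# Added example, not Fortinet code. Run from an elevated PowerShell prompt
# on the Collector Agent host. Fortinet_FSAE is the service name shown in
# the error text; everything else here is an assumption of the example.
function Test-FssoLogonRight {
    param([string]$ServiceName = 'Fortinet_FSAE')

    # 1. Which account is the service configured to log on as?
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found on this host." }
    $account = $svc.StartName
    if ($account -eq 'LocalSystem') {
        return "Service runs as Local System; there is no service account to check."
    }

    # 2. Resolve the account to a SID ('.\name' denotes a local account).
    $name = $account
    if ($name.StartsWith('.\')) { $name = $env:COMPUTERNAME + $name.Substring(1) }
    $sid = (New-Object System.Security.Principal.NTAccount($name)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    # 3. Export the user rights currently applied on this host.
    $cfg = Join-Path $env:TEMP 'user_rights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $rights = @{}
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
            # Entries are SIDs (written as *S-1-...) or plain account names.
            $rights[$Matches[1]] = @($Matches[2].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') })
        }
    }
    Remove-Item $cfg

    # 4. Compare against the grant and the deny right (direct entries only;
    #    a grant through group membership is not detected here).
    $match = { param($r) @($rights[$r] |
        Where-Object { $_ -in $sid, $name, $account }).Count -gt 0 }
    [pscustomobject]@{
        Service            = $ServiceName
        LogOnAs            = $account
        Sid                = $sid
        LogOnAsService     = & $match 'SeServiceLogonRight'
        DenyLogOnAsService = & $match 'SeDenyServiceLogonRight'
    }
}

Test-FssoLogonRight
```

LogOnAsService should read True once the updated policy has been applied. A True in DenyLogOnAsService means a 'Deny log on as a service' entry is overriding the grant.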
 
 
 



Related Articles

Technical Tip: Restricting FSSO service account
