DescriptionThis article explains the remote administration settings for FortiClient EMS.
SolutionWhen enabled, by default when remote administration is enabled on EMS, it can only be accessed over the predefined allowed hostnames and custom hostnames
The basic requirements are that:
- FortiClient EMS is installed.
- Access is available to a DNS server.
- PC can resolve internal DNS address for hostnames.
- Sysadmin is available to restart services on the EMS server.
Troubleshooting
If, when using the default settings, an error 'Bad Request (400)' is seen when trying to access EMS over HTTPS via IP address, it means that the request sent by the client could not be understood by the server.
The reason for this is that the EMS server can only be accessed when the address entered in the browser URL is the one in predefined list or custom hostnames.
This means the custom hostnames are not equivalent to the trusted host of the FortiGate.
In remote administration for EMS, it must be accessed by entering the hostnames from a predefined list.
And in case of custom allowed hostnames:
- Add the IP address of the EMS server itself (grabbed from ipconfig).
- If using a custom hostname, make sure the internal DNS can resolve the hostname and the PC has the internal DNS server configured.
Once applied, simply restart the FortiClient Enterprise Management Apache Server from Windows services or reboot.
