FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
yujames
Staff
Article Id 196716
Description
This issue may be seen if the Windows Agent Manager license expired and has been renewed, either with or without any change to the license.

After the new license has been applied to the system, the message “License expired” is seen in the Windows Agent Manager. This means that the Windows Agent Manager is unable to get the updated license from the supervisor.


Scope
Windows Agent Manager 2.0 and above

Solution
It is necessary to re-register the Windows Agent Manager.

Preparation

1)  MSSQL credentials with both read and write access to the FortiSIEM/Accelops Windows Agent Manager DB instance on the servers are required (this can be verified by accessing the instance through MSSQL DB studios).

2)  Supervisor credentials with the Full Admin role are required to re-register the Windows Agent Manager.

3)  Each profile for each Windows Agent Manager will need to be exported (this is to ensure that data is not lost against the Windows Agent Managers).

4)  Download the Windows Agent Manager installation files from the following link:
https://images-cdn.fortisiem.fortinet.com/VirtualAppliances/latestrelease.html

Note:  If different versions of the Windows Agent Manager (WAM) are installed on different servers, ensure that the correct Windows Agent Manager version is used for each server.

Steps

1)  Log in to the Windows server, search for Services, select “AOWinAgtMgr Dispatcher” and then click “Stop” to stop the service.

3)  Uninstall and then reinstall the Windows Agent Manager.  Refer to the User Guide for Windows Agent Manager on page 64 for installation instructions: https://docs.fortinet.com/uploaded/files/3996/fortisiem-4.10.0-installation-and-upgrade-guide.pdf

4)  After the installation has finished, log back in to the Windows Agent Manager and verify that the Windows Agent(s) are connected.

5)  To verify that the agent is up and running, go to the UI and run a Real Time Search with the condition: Raw Event Log CONTAINS WUA AND Reporting IP = the Windows server
