jlim11
Staff
Article Id 270311
Description

This article describes errors that can appear on the Collector Agent after it is installed on Windows AD, when selecting 'Show Service Status' and 'Show Monitored DCs'.

 

show service status.JPG

 

Timeout.JPG

 

Selecting 'Show Service Status' gives the error 'Timed out when getting FortiGate status', and selecting 'Show Monitored DCs' gives the error 'Timed out when getting DC Agent status'. Both display a blank list.

Selecting 'Show Logon Users' also just keeps loading and eventually shows the error message above with a blank login user list.


show logon users loading.JPG

This is most likely a permission issue with the service account used when installing the Collector Agent.

 

To check which service account is used, open 'Services' on the Windows AD server by searching for 'Services' in the search bar or by running 'services.msc'.


Services.JPG

Look for 'Fortinet Single Sign-on Agent Service', right-click it and select 'Properties', then go to the 'Log On' tab to confirm the service account used.
In the example above, 'Testadmin' is used as the service account.

Checking the group membership of 'Testadmin' shows that it is not a member of 'Administrators' or 'Domain Admins'.


Testadmin-domainuser.JPG

Scope

FortiGate.
Solution

To fix the error messages, the service account should be a member of 'Administrators' or 'Domain Admins'.

memberof.JPG
After adding it, go back to 'Services'.
Right-click the service and select 'Stop', then right-click it again and select 'Start' to restart the Fortinet Single Sign On Agent Service.

 

stop start.JPG
After that, the error messages should be gone. The active DC agents and the FortiGate are now connected to the Collector Agent.


active dc agents.JPG

 

show service statusfixed.JPG
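
The same check and restart can be done from PowerShell. This is an added example, not part of the original article or Fortinet's own tooling; it assumes the ActiveDirectory module (RSAT) is installed and the session is elevated, and the function name `Test-FssoServiceAccount` is hypothetical.

```powershell
# Added example: not Fortinet code. Requires the ActiveDirectory module (RSAT).
function Test-FssoServiceAccount {   # hypothetical helper name
    param([switch]$Restart)          # restart the service after a membership fix

    Import-Module ActiveDirectory -ErrorAction Stop

    # The article writes the display name both with and without a hyphen,
    # so match on the common prefix and suffix.
    $svc = Get-CimInstance Win32_Service -Filter "DisplayName LIKE 'Fortinet Single Sign%Agent Service'" |
        Select-Object -First 1
    if (-not $svc) { throw 'Fortinet Single Sign-on Agent Service was not found on this host.' }

    $logon = $svc.StartName
    Write-Host "'$($svc.DisplayName)' logs on as '$logon' (state: $($svc.State))"

    # Built-in identities (LocalSystem, NT AUTHORITY\...) are not AD user accounts.
    if ($logon -match '^(LocalSystem|NT (AUTHORITY|SERVICE)\\)') {
        Write-Warning 'Service runs as a built-in identity, not a domain service account.'
        return $false
    }

    # StartName is DOMAIN\user or user@domain; keep only the account name.
    $sam = if ($logon.Contains('\')) { $logon.Split('\')[-1] } else { $logon.Split('@')[0] }

    # Direct memberships only; nested group membership is not expanded here.
    $groups   = (Get-ADPrincipalGroupMembership -Identity $sam).Name
    $required = 'Administrators', 'Domain Admins'
    $matched  = @($groups | Where-Object { $required -contains $_ })

    if ($matched.Count -eq 0) {
        Write-Warning "'$sam' is in neither 'Administrators' nor 'Domain Admins'; expect the timeout errors."
        return $false
    }

    Write-Host "'$sam' is a member of: $($matched -join ', ')"
    if ($Restart) {
        # Equivalent to Stop then Start in services.msc.
        Restart-Service -Name $svc.Name -Force
    }
    return $true
}

Test-FssoServiceAccount
```

Run `Test-FssoServiceAccount -Restart` after changing the group membership so the service picks up the new permissions.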

 

 

Related article:
Technical Tip: Restricting a Fortinet Single Sign On Agent Service (FSSO) service account
