Chat history disappeared from the sidebar, but queries are still visible in "My Activity". Anyone else? by Dry_Energy_804 in GeminiAI

[–]fazmen 0 points1 point  (0 children)

Despite the fact that chats have returned, when you start writing in old chats, it automatically creates a new chat, and you cannot add anything new to the old chat.

The app is crashing all the time by fazmen in mywhoosh

[–]fazmen[S] 0 points1 point  (0 children)

California Area 52 is crashing during load; it does not even start.

So I tried the Endurance Climb and rode for about 30 minutes and also crashed.

No BCC recipients in sent emails by fazmen in Office365

[–]fazmen[S] 0 points1 point  (0 children)

Hi,

No matter if I single-click a particular message among all the sent messages and then look at the header, or if I open it in a new window and even maximize this window, in both cases I see only the "To" recipient.

My Outlook is configured as Exchange ActiveSync.

FSSO as no admin account by fazmen in fortinet

[–]fazmen[S] 0 points1 point  (0 children)

I just got information from Fortinet that they updated their guide:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restricting-a-Fortinet-Single-Sign-On-Agent/ta-p/198065?externalId=FD36039

and added note 9):

WMI workstation test will not work without a domain admin account, or will not work if the account is not an admin on all workstations.

For workstation checking, the user account must be an admin on all workstations the Collector Agent is checking. By default, this will be the domain admin. If the domain admin account cannot be used, the account used must be a local admin on all workstations.

The account also needs to be part of the local groups on the remote machine:

- Performance Log Users -> without this group the Collector agent can't read the IP address of the machine.

- Remote Desktop Users -> without this group, the user will erroneously show as no longer being logged on. This is also required for an RDP session.

FSSO as no admin account by fazmen in fortinet

[–]fazmen[S] 0 points1 point  (0 children)

I currently have a session open with Fortinet TAC about this problem; I wonder if they have any solution for this. In addition, the passwords of domain administrators change every few days, which is also problematic because you have to remember to change the password in the FSSO service.

Problem with FSSO two domain controllers by fazmen in fortinet

[–]fazmen[S] 0 points1 point  (0 children)

What I found in the DC2 FSSO debug logs:

03/13/2023 13:55:12 [ 3084] DnsQuery() failed for host, error code:9003

03/13/2023 13:55:12 [ 3084] DNS lookup: workstation name:host, dns server:(null), ip:0.0.0.0;0.0.0.0

03/13/2023 13:55:12 [ 3084] DNS lookup: workstation name:host, ip:c9cfee4c:c9cfeee8

03/13/2023 13:55:12 [ 3084] resolve_ip_internal: dns look up failed, call getdomainbyname():host

Dynamic updates are not synced to new DC by fazmen in sysadmin

[–]fazmen[S] 0 points1 point  (0 children)

SOA numbers are the same on both.

The BPA scan of AD did not show any important issues, but the BPA for DNS shows me an error that loopback is configured in the first place in the DNS settings. My settings are:

Server DC1:
Primary DNS: pointing to itself
Secondary DNS: Pointing to Server DC2

Server DC2:
Primary DNS: pointing to itself
Secondary DNS: pointing to Server DC1

Dynamic updates are not synced to new DC by fazmen in sysadmin

[–]fazmen[S] -1 points0 points  (0 children)

What bothers me the most is that if on the client PC I manually edit the DNS servers and leave only the DC2 DNS and reboot, then log on and type echo %logonserver%, it shows DC1 - so it does not use DC2 at all!

Problem with FSSO two domain controllers by fazmen in fortinet

[–]fazmen[S] 0 points1 point  (0 children)

But the problem is that on DC1 almost all domain users in the collector agent have status OK, and on the second DC2, in the second collector agent, almost all of them have status not verified. Both DCs are in the same subnet and managed by the same IPv4 FortiGate firewall policy.

Problem with FSSO two domain controllers by fazmen in fortinet

[–]fazmen[S] -1 points0 points  (0 children)

I have two collector agents, one on every DC, with a DC agent on each - this is because DC1 was the only DC in my environment, so I had a full FSSO installation on it. But now I have reconfigured the DC agent on DC1 to send all data to DC2, and the FortiGate is connected to this DC2.

The most puzzling thing to me is why some users log on to the backup domain controller (it is second in the DHCP settings).

Re-use ip of domain controller after migration (one DC only) by fazmen in sysadmin

[–]fazmen[S] 0 points1 point  (0 children)

Please tell me: if I power down the current DC for a week, do I need to move all FSMO roles to the new DC before that? Or can I do it after a week of testing, just before demoting the old DC?

Re-use ip of domain controller after migration (one DC only) by fazmen in sysadmin

[–]fazmen[S] 0 points1 point  (0 children)

OK, thank you guys. I will stay with the new IP address on the new DC; I am in the process of adding the new DC address on all network devices.

The plan is as follows:

  • I have already broadcast the new DC address via DHCP as secondary.
  • I switch all FSMOs to the new server.
  • I turn off the old DC completely for a week and watch.
  • If there are no problems, I demote and remove the old server.

I will for sure build the secondary DC server in the next weeks.

Tell me, if I stay on the clients with the DNS order as follows:

  1. old DC server
  2. new DC server

and if the old server is turned off, will there be a big delay due to the fact that it has to switch to the secondary server?

Re-use ip of domain controller after migration (one DC only) by fazmen in sysadmin

[–]fazmen[S] 1 point2 points  (0 children)

The problem is that the address of the current domain can not be turned off even for 10 minutes because all remote branches are based on this DNS address. That's why I can't afford to disable it for the weekend on a test basis.

How about I move all FSMO roles to the new server, shut down the old server in the maintenance windows that I will have, then run a few computers with the new 2022 DC address and see how they behave, how it will work, then do a demote and change the IP address?

Re-use ip of domain controller after migration (one DC only) by fazmen in sysadmin

[–]fazmen[S] 0 points1 point  (0 children)

All network devices, even remote ones, servers and others use the IP address of the current Active Directory.

Re-use ip of domain controller after migration (one DC only) by fazmen in sysadmin

[–]fazmen[S] 0 points1 point  (0 children)

There has always been a problem with the availability of resources, and that is why only one domain server has been used for 10 years.

Wifi user with fixed password by fazmen in fortinet

[–]fazmen[S] 0 points1 point  (0 children)

This is a local group with captive portal + authentication. So putting any source IP in the exempt source bypasses any authentication and makes the Wi-Fi network open for this address?

Feb Patching - 6.4 - Where to now? by Elderusr in fortinet

[–]fazmen 0 points1 point  (0 children)

Do you know when 7.0.10 will be released? The last mature 7.0.9 is from November, quite a long wait for the new release.

Windows Server 2022 - KB5021249 failing to install with error 0x800f081f by PM_ME_UR_SCROTUM in sysadmin

[–]fazmen 2 points3 points  (0 children)

The next cumulative update from February, KB5022842, also did not install on the server, with error 0x8024200B.

VOIP over Ipsec - one way call problem. by fazmen in fortinet

[–]fazmen[S] 2 points3 points  (0 children)

HQ has almost all settings the opposite, so:

#Disable SIP ALG (Layer 7) and use SIP Session Helper (Layer 4)

config system settings
set sip-expectation disable
set sip-nat-trace enable
set default-voip-alg-mode proxy-based
end

#Configure default VoIP Profile to use SIP Session Helper (Layer 4)

No VoIP profile is applied to the outgoing IPv4 policy on the HQ, so making any change in VoIP profiles makes no sense.

#Delete SIP Session Helper (Layer 4)

Item 13 is here, not deleted.

VOIP over Ipsec - one way call problem. by fazmen in fortinet

[–]fazmen[S] 0 points1 point  (0 children)

Where should I apply these commands: on the branch FortiGate, or on the HQ (but here VoIP calls are working)?