Which are two requirements for DC-agent mode FSSO to work properly in a Windows AD environment?

In a Windows Active Directory (AD) environment, one of the critical requirements for the Domain Controller (DC) agent mode of the Fortinet Single Sign-On (FSSO) to function properly is that the DNS server must accurately resolve all workstation names. This is essential because FSSO relies on name resolution to correlate user logins with the appropriate machine where the users are logged in. If the DNS server cannot resolve the workstation names correctly, the information about user activity becomes unreliable, leading to potential inaccuracies in user identification and session tracking.

In a functioning FSSO setup, the system needs to effectively map user sessions to specific workstations. DNS resolution aids in ensuring that when a user logs in, the FSSO can identify the correct machine associated with that user. Thus, proper DNS configuration is a foundational element for the accurate and efficient operation of FSSO in a DC-agent mode scenario.

The other options do touch upon aspects related to FSSO but do not capture the critical nature of DNS resolution within this specific context.