Skip to main content
NothingKai
NothingKai
New Member
February 10, 2017
Solved

Error Forticlient stop 80%

  • February 10, 2017
  • 3 replies
  • 584439 views

Hi Guy,

 

I have an error about forticlient:

 

Unable to logon to the server. Your user name or password may not be configured properly for this connection. (-12)

 

I sure username and pass is right.

 

My 100D ver: v5.4.3,build1111 (GA) 

Forticlient ver: 5.4.2.0860

 

Thanks for help.

 

Best answer by andrew1

Hi,

I have solved this issue many times on Windows 2016 Server by adding the exact URL (also include custom port if needed - e.g. https://mysslvpn.domain.dom:10443) for the SSL VPN to the Trusted Sites list in Internet Options (from IE or by running "inetcpl.cpl"). Of course you need to add the URL for every SSL VPN you want to connect to.

This happens even when IE is not the default browser.

 

In all my instances of this issue, I also found out I could check this issue by opening the SSL VPN URL with Internet Explorer. Every time I could not connect to the SSL VPN in Web Mode from Internet Explorer (it displays "This page can't be displayed"), FortiClient was also failing just like the OP describes. (The Web Mode was working just fine on Chrome or Firefox.) The opposite was also true: when IE logged into the Web Mode, FCT was working.

(Of course Web Mode must be enabled for the relevant SSL-VPN Portal for this test to make sense.)

 

I also found this issue on a server with Trusted Sites locked by Group Policy - so I couldn't add a new entry. In the end I was able to solve the issue by resetting Internet Options:

(also see attached image)

[ul]
  • run Internet Options (inetcpl.cpl)
  • select the "Advanced" tab
  • Click on the "Reset..." button
  • flag "Delete personal settings" (I did that - don't know if it is needed)
  • Click "Reset"[/ul]

     

    Summing it up, it is clear that something inside Internet Options is the culprit, but I wasn't able to pinpoint what exactly.

     

    Fortinet support says that FortiClient is designed to take settings from Internet Options. At this point I'd like to know exactly what parameters are in use (I guess I can't ask support because I don't have a valid FortiClient support contract at the moment).

     

    To anyone having this issue, I'd still recommend trying to add the SSL VPN URL to the Trusted Sites before resetting.

     

    Please note that I am using the default certificate for the SSL VPN - but I believe this makes no difference (beyond all the expected warnings).

     

    -a

    • 3 replies

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    February 10, 2017

    It's almost impossible to get (-12) error without user name/password mismatch. Is this IPSec VPN or SSL VPN? Is it a local user or a remote server user (RADIUS, LDAP, TACACS+)? Can you try configuring another simple user/pass into the same user group then test?

    NothingKai
    NothingKaiAuthor
    New Member
    February 11, 2017

    toshiesumi wrote:

    It's almost impossible to get (-12) error without user name/password mismatch. Is this IPSec VPN or SSL VPN? Is it a local user or a remote server user (RADIUS, LDAP, TACACS+)? Can you try configuring another simple user/pass into the same user group then test?

    Yes, I login with account server user FSSO.

    But I try create 1 accout on fortinet, it's still the same error.

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    February 11, 2017

    What is the account server's log saying? Is it even receiving queries? If you don't see anything on the server side, you probably need to run:

       diag debug app fnbamd -1

    to see all interactions your FG is attempting/or not attempting with the server.

     

    For the local user this wouldn't work so you likely need to debug application either "sslvpn" (if SSL VPN) or "ike" (if IPSec VPN).

    andyloe
    andyloe
    New Member
    August 6, 2021

    Hey =) 

     

    Unfortunately, I have the same basic problem. Error Forticlient stop 80% I have already implemented all the suggested solutions including Internet Explorer Settings or configuration enabled TLSv1.1 etc.

    it says in the log "diag debug app fnbamd -1". invalid auth params for user 'vpn_test'. The user "vpn_test" is a local user and I didn't add any SSO or PKI or Domain

    My Forti is a FGT60D v6.0.13 build0443 (GA) FortiClient is v6.0.13 build0443 (GA

    Who can help me please, I am at the end of my knowledge

    Christian_89
    Christian_89
    Contributor III
    August 3, 2023

    The error message "Unable to logon to the server. Your user name or password may not be configured properly for this connection. (-12)" in FortiClient, coupled with the issue of the connection stopping at 80%, is a relatively common issue that can be caused by several factors. Here's a systematic approach to diagnosing and resolving the problem:

    ### 1. **Check User Credentials**
    - Ensure that the username and password are correct.
    - Verify that the user account is not locked or disabled on the FortiGate device.

    ### 2. **Verify SSL-VPN Settings on FortiGate**
    - Check the SSL-VPN settings on your FortiGate 100D device.
    - Verify that the user account is assigned to the correct SSL-VPN portal and has the necessary permissions.

    ### 3. **Update FortiClient**
    - The versions of FortiGate and FortiClient you're using are relatively old. Consider updating both to a compatible and supported version, as there might be known issues with those particular builds.

    ### 4. **Inspect Logs**
    - Review the FortiGate logs related to SSL-VPN connections. This can provide more detailed information about the failure.
    - Check the FortiClient logs as well. You can find them typically under "C:\Program Files (x86)\Fortinet\FortiClient\logs" on a Windows machine.

    ### 5. **Try a Different FortiClient Version**
    - Sometimes, compatibility issues between specific FortiClient and FortiGate versions can cause problems. You might try using a different version of FortiClient that is known to work with your FortiGate version.

    ### 6. **Check Firewall Policies and Routing**
    - Ensure that the firewall policies are correctly configured to allow the SSL-VPN traffic.
    - Verify that the routing is correctly configured so that the FortiClient can reach the FortiGate device.

    ### 7. **Recreate the SSL-VPN Configuration**
    - As a last resort, you might consider recreating the SSL-VPN configuration on the FortiGate device. Sometimes, configuration errors or corruptions can lead to issues that are resolved by starting fresh.

    ### 8. **Contact Fortinet Support**
    - If the issue persists, consider reaching out to Fortinet Support. They can provide expert assistance tailored to your specific configuration and environment.

    Remember, working with security devices and VPN configurations requires careful consideration of the potential impacts on your network's security and functionality. Always proceed with caution, and consider involving IT or network security professionals if you're unsure about any of the steps.

    Terms & ConditionsAccessibility statement