New Member

Question

FortiClient stuck at 98%

Forum|Forum|10 years ago
March 8, 2016
8 replies
92585 views

Hi All, since upgrading our 300C to FortiOS 5.2.6 we're experiencing problems (randomly) with incoming connection through FortiClient and FortiVPNSSL. The connection process goes well untill 98% and than stop without any error message or, in some other cases, connect and immediately disconnect.

The problem has been noticed on both Win7 and Win10 clients on different FGT models (300C, 300D and 400D), with different firmware (5.2.3 and 5.2.6) and different FortiClient versions (4.0.2300 and 4.0.2323).

Fortinet support provided a FortiClient version (4.3.5.0472) to be tested => no success; then a "fix" for a similar problem observed on Win8 (even if we don't use this) found at http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630 => no success.

It also happen often that, after a succesful connection, the client is not able to connet anymore using both che vpn client and the web access. Sometimes a restart fix the issue, sometimw a vpn client reinstall fix the issue, sometimes nothing of these have effect...

What really make me think about some bug or, at least, some communication issue between the vpn client and the FGT is taht a restart of the process vpnssld on the FGTsolve temporarely the issue and everything start working as expected... until the problem show up again after a couple of days. It looks like some "communication" issue cause the vpn deamon to "hang" for that particular user (while others are able to connect in the meanwhile).

Did anyone experienced such an issue?

Thanks in advance

Bye

GC

bartman10

New Member

Exact same issue. 300c upgraded to 5.2.6. VPN 98% then back to user/pass prompt. Using fortiauth and tokens but same issue.

Gianluca_CaldiAuthor

New Member

Hi,

after a long ping-pong with Fortinet L1 support we got escalated to L2 and got noticed that this is "known issue" (bug ID 0232764). We got an "intermin" FortiClient version to test as it looks the problem in on the client side (but I've nio further details). I'll you posted.

Bye

Gianluca

Gianluca_CaldiAuthor

New Member

Hi All,

just to infor you that we got notified by Fortinet that the "interim" client provided seems to have issues with Win7 thus is suitable for testing only on Win10 machines. After some testing we still got the issue on several Win7 client machines (but we've really few Win10 installations up to now). This thing is really getting weirder by the time...

Bye

Gianluca

henry_mwangi

New Member

I too have the same problem with FG 100D. How do we beat around this ?

Gianluca_CaldiAuthor

New Member

Hi Henry,

no workaround that I know about. As I wrote we're testing a new "beta" claint that should address the issue. As for now it seems to work good but need some more testing to be sure that there's no any unlikey side effect...

Bye

Nils

New Member

I've been struggling with this.

The solution for us is to uninstall the client, restart the computer and then install the client again.

Gianluca_CaldiAuthor

New Member

Hey guys,

uninstalling-rebooting-reinstalling is not a solution! t's just some temporary workaround that fix the issue until it happen the next time. You got the same by killing the vpnssld on the affected FGT or following the instructions from fortinet here http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630 but..

..as Fortinet confirmed that this is a bug (someone read the messages?) the only way for a solution is to get an (hopefully) working client which address the problem.

I got in PM lot of people having the same issue on 300C, 100D and some other models so it don't make sense to try solving this working on the single client..

kolawale_FTNT

Staff

On Windows 8.1 (or 2012 R2), the following Microsoft Software Hotfix may be helpful:

VPN gateway becomes unresponsive and a connection can't be established ...

On Windows 10, you may contact Fortinet Support to try the latest FortiClient 5.4 interim build,

The FortiClient version or build installed in a managed environment can be controlled by using the EMS.

bartman10

New Member

Oh really Kolawale.. where did you get this info to contact Fortinet Support as they seem to have no idea what I'm talking about when I contacted them and had me install FortiClientSetup_5.2.5.0658_x64.exe.

This "fixed" the issue because like we've said before reinstalling the client seems to fix it for a bit.

See case #1674111

kolawale_FTNT

Staff

Consider requesting for a 5.4 interim build from Fortinet Support.

Gianluca_CaldiAuthor

New Member

Hi All,

just as an update..

..after several "interim" versions provided by Fortinet the problem persist. Moreover it was now noted on some "D" series models so my hope that ths was just some incompatibility with the 300C and 5.2.6 just crashed.

So no good news this time...

foshejh

New Member

Gianluca,

Just checking to see if you have had any luck resolving this issue. We have recently started having this same issue with a new Windows 10 computer. We are running a FG60D with V5.2.3 and FortiClient with v5.4.0.0780. Getting stuck at 98% every time. We uninstalled and reinstalled the FortiClient on the Windows 10 machine today, and it worked for a few minutes. Now, it is failing again at 98%. Thanks!

Thanks,

-foshejh

Gianluca_CaldiAuthor

New Member

Hi foshejh,

last week we moved from our old 300C powered by 5.2.6 to a new 600D running 5.2.7 and the problem, so far, seems to be resolved by himself. Fortinet support say that the issue is 100% due to some conflict on the client machine but, in my opinion, this is not true because: 1) everything start working fine again (for a while) just killing the sslvpn deamon on the FGT and 2) the problem now just disappeared and the clients are exactly the same.

I got the idea that the issue lie somewhere in a bad combination between hardware model and FGT firmware version but my ticket is still open (for almost 3 months now...) and the cause is still to be found.

Bottom line of this: if I were you I'd give a try to 5.2.7 just to check if some "hidden" bug as been corrected too. In the change log of this firmware version you'll find some reference to vpn issue and, even if Fortinet support says that the 98% issue is not related, something seems to work definitely better.

Hope not having talked too early...

Bye

Gianluca

dkarras

New Member

Uncheck IPv6 from your network properties on all your interfaces and then reboot your PC.

mboback

New Member

I was just getting reports of some of my users having the 98% stuck bug as well over the past few days using SSLVPN.

For reference the setup in question is a Fortigate 60E running firmware 5.4.4

Forticlient version 5.4.3.0870 running on Win 10 Pro build 1607

System connected to a wifi network at a remote location.

I was seeing the following on the Forticlient log exports (with default Info log-verbosity):

4/26/2017 2:25:49 PM Error VPN FortiSslvpn: 6300: Ras : connection to fortissl failed : 6:0:0: 4/26/2017 2:25:56 PM Notice VPN Unable to establish the VPN connection.(E=98,T70,M99,R-983070010) 4/26/2017 3:25:36 PM Notice VPN FortiSslvpn: 10860: fortissl_connect: device=fortissl 4/26/2017 3:25:38 PM Error VPN FortiSslvpn: 11260: Ras : connection to fortissl failed : 6:0:0: 4/26/2017 3:25:47 PM Notice VPN Unable to establish the VPN connection.(E=98,T70,M99,R-983070010) 4/27/2017 9:17:31 AM Notice VPN FortiSslvpn: 12124: fortissl_connect: device=fortissl 4/27/2017 9:17:33 AM Error VPN FortiSslvpn: 13076: Ras : connection to fortissl failed : 6:0:0: 4/27/2017 9:17:42 AM Notice VPN Unable to establish the VPN connection.(E=98,T70,M99,R-983070010)

Reinstalling, repairing, rebooting did not fix. I tried connecting the client to other Fortigate devices I manage on other firmware versions and other networks unsuccessfully. I called Fortinet support and they have a 5.6 beta 2 version they provided me. Support mentioned that there is some type of bug or issue with some of the "SSL" drivers bundled with Forticlient (Support's own words) that weren't playing nice on Win 10.

I installed the Forticlient 5.6 beta 2 client on a particular workstation (uninstall 5.4 Forticlient via Programs/Features, reboot, install 5.6 beta 2, reboot) and was able to connect successfully to my VPN.

Support says that GA may be in May for 5.6 - but you should be able to open a ticket and get the 5.6 beta from them if you are having similar issues.

hhaken

New Member

Still got the same error with version 5.4.2.0860

What helped for me is un-installing the WAN Miniport (IP) driver in the Device Manager under Network adapters.

Reboot your Desktop/Laptop.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded