Skip to main content
ghorchem
ghorchem
New Member
April 2, 2018
Question

FortiOS 6.0 SSL VPN Host Check Windows 10 fails

  • April 2, 2018
  • 1 reply
  • 6860 views

Hello i'm trying to login to our SSL VPN Web Portal and im getting "PC does not meet host checking requirements". the pc is running Windows 10 Verison: 1709. below is my diag output:

 

Fortinetgateway # [191:root:2b]allocSSLConn:280 sconn 0x561cb400 (0:root)

[190:root:2c]allocSSLConn:280 sconn 0x560e9400 (0:root)

[191:root:2b][192:root:2b]SSL state:before SSL initialization (172.168.1.3)

allocSSLConn:280 sconn 0x561cb400 (0:root)

[191:root:2b]SSL state:before SSL initialization (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS read client hello (172.168.1.3)

[192:root:2b][191:root:2b]SSL state:before SSL initialization (172.168.1.3)

[192:root:2b]SSL state:before SSL initialization (172.168.1.3)

SSL state:SSLv3/TLS write server hello (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS read client hello (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write server hello (172.168.1.3)

[190:root:2c]SSL state:before SSL initialization (172.168.1.3)

[190:root:2c]SSL state:before SSL initialization (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS read client hello (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write server hello (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write certificate (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write certificate (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write certificate (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write key exchange (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write key exchange (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write key exchange (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS read client key exchange (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS read finished (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS read client key exchange (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write session ticket (172.168.1.3)

[192:root:2b][191:root:2b]SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

[191:root:2b][192:root:2b]SSL state:SSLv3/TLS read finished (172.168.1.3)

SSL state:SSLv3/TLS write finished (172.168.1.3)

[190:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

SSL state:SSLv3/TLS read client key exchange (172.168.1.3)

[192:root:2b]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[191:root:2b]SSL state:SSLv3/TLS write session ticket (172.168.1.3)

[190:root:2c][192:root:2b][191:root:2b]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS read finished (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write finished (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write session ticket (172.168.1.3)

[190:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

[191:root:2b]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[190:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)

[190:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

[190:root:2c]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[192:root:2b]req: /remote/login?lang=en

[192:root:2b]rmt_web_auth_info_parser_common:439 no session id in auth info

[192:root:2b]rmt_web_get_access_cache:760 invalid cache, ret=4103

[192:root:2b]req: /css/main-blue.css

[192:root:2b]mza: 0x134c7d8 /css/main-blue.css

[191:root:2b]req: /sslvpn/js/login.js?q=717f435f6e4f169b34

req: /remote/fgt_lang?lang=en

[191:root:2b]mza: 0x134c7b0 /sslvpn/js/login.js

[192:root:2b]req: /fonts/lato-regular.woff

[192:root:2b]def: 0x134c748 /fonts/lato-regular.woff

[191:root:2b]req: /fonts/lato-bold.woff

[191:root:2b]def: 0x134c748 /fonts/lato-bold.woff

[192:root:2b]req: /fonts/ftnt-icons.woff

[192:root:2b]def: 0x134c748 /fonts/ftnt-icons.woff

[191:root:2c]allocSSLConn:280 sconn 0x561cbd00 (0:root)

[191:root:2c]SSL state:before SSL initialization (172.168.1.3)

[191:root:2c]SSL state:before SSL initialization (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS read client hello (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write server hello (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write finished:system lib(172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS read finished (172.168.1.3)

[191:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

[191:root:2c]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[190:root:2c]req: /remote/logincheck

[190:root:2c]rmt_web_auth_info_parser_common:439 no session id in auth info

[190:root:2c]rmt_web_access_check:686 access failed, uri=[/remote/logincheck],ret=4103,

[190:root:2c]rmt_logincheck_cb_handler:900 user 'horchemg' has a matched local entry.

[190:root:2c]sslvpn_auth_check_usrgroup:1770 forming user/group list from policy.

[190:root:2c]sslvpn_auth_check_usrgroup:1812 got user (0) group (2:0).

[190:root:2c]sslvpn_validate_user_group_list:1440 validating with SSL VPN authentication rules (1), realm ().

[190:root:2c]sslvpn_validate_user_group_list:1488 checking rule 1 cipher.

[190:root:2c]sslvpn_validate_user_group_list:1496 checking rule 1 realm.

[190:root:2c]sslvpn_validate_user_group_list:1507 checking rule 1 source intf.

[190:root:2c]sslvpn_validate_user_group_list:1546 checking rule 1 vd source intf.

[190:root:2c]sslvpn_validate_user_group_list:1618 rule 1 done, got user (0) group (1:0).

[190:root:2c]sslvpn_validate_user_group_list:1706 got user (0), group (2:0).

[190:root:2c]two factor check for horchemg: off

[190:root:2c]sslvpn_authenticate_user:167 authenticate user: [horchemg]

[190:root:2c]sslvpn_authenticate_user:174 create fam state

[190:root:2c]fam_auth_send_req:577 with server blacklist:

[190:root:2c]fam_auth_send_req_internal:449 fnbam_auth return: 4

[190:root:2c]Auth successful for group Users_W_and_I

[190:root:2c]fam_do_cb:479 fnbamd return auth success.

[190:root:2c]SSL VPN login matched rule (0).

[190:root:2c]rmt_web_session_create:764 create web session, idx[0]

[192:root:2b]Timeout for connection 0x561cb400.

[192:root:2b]Destroy sconn 0x561cb400, connSize=0. (root)

[191:root:2b]Timeout for connection 0x561cb400.

[191:root:2b]Destroy sconn 0x561cb400, connSize=1. (root)

[191:root:2c]Timeout for connection 0x561cbd00.

[191:root:2c]Destroy sconn 0x561cbd00, connSize=0. (root)

[190:root:2c]req: /remote/hostcheck_install?auth_type=16&u

[190:root:2c]rmt_hcinstall_cb_handler:450 remote check failed

[190:root:0]sslvpn_internal_remove_one_web_session:2681 web session (root:horchemg:Users_W_and_I:172.168.1.3:0 0) removed for Server terminated session normally

[190:root:2c]req: /sslvpn/css/ssl_style.css

[190:root:2c]mza: 0x134c7e0 /sslvpn/css/ssl_style.css

[192:root:2c]allocSSLConn:280 sconn 0x561cb400 (0:root)

[192:root:2c]SSL state:before SSL initialization (172.168.1.3)

[192:root:2c]SSL state:before SSL initialization (172.168.1.3)

[192:root:2c][190:root:2c]SSL state:SSLv3/TLS read client hello (172.168.1.3)

req: /remote/fgt_lang?lang=en

[192:root:2c]SSL state:SSLv3/TLS write server hello (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write certificate (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write key exchange (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS read client key exchange (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS read finished (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write session ticket (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)

[192:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

[192:root:2c]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[190:root:2c]rmt_check_conn_session:1975 delete connection 0x560e9400 w/ web session 0

[190:root:2c]Destroy sconn 0x560e9400, connSize=0. (root)

[192:root:2c]epollFdHandler,569, sconn=0x561cb400[12,-1,-1,-1,-1], fd=12, event=25.

[192:root:2c]epollFdHandler:639 s: 0x561cb400 event: 0x19

[192:root:2c]Destroy sconn 0x561cb400, connSize=0. (root)

 

Any ideas on how to fix this? Thanks.

    1 reply

    andrew1
    andrew1
    New Member
    January 23, 2019

    Hi,

    I'm having a very similar problem.

    I have solved by adding the EXACT URL for the SSL VPN to the Trusted Sites in inetcpl.cpl.

     

    EDITED to add: this may be relevant: [link]https://forum.fortinet.com/tm.aspx?m=145662[/link]

    Terms & ConditionsAccessibility statement