Created on 02-11-2025 10:23 PM
Edited on 02-11-2025 10:23 PM
By Anthony_E
Description | This article describes why FortiClient sometimes fails to connect to FortiGate and returns error code -5052 or -5053. |
Scope | FortiClient, SSL VPN. |
Solution |
When establishing an SSL VPN tunnel to FortiGate, at 89% FortiClient attempts to write to a file named 'fortisslvpn_xml.txt' in its installation directory. To do this, it acquires the directory path with the SHGetFolderPathA Windows API. The image is an example of a memory debug of FortiTray.exe where the SHGetFolderPathA call has completed and the path to the FortiClient installation directory is visible on the stack.
If this API fails to get the path, the connection fails with error code -5052.
After retrieving the path, FortiTray.exe calls CreateFileA, another Windows API. In the following debug, FortiTray.exe is about to call CreateFileA.
The green box highlights the first 2 arguments, the file name and the access rights:
In this case, the file is fortisslvpn_xml.txt and the access right is GENERIC_WRITE (0x40000000). If this call fails, the connection is terminated as before, this time with error code -5053.
A connection failure at 89% means that fortisslvpn_xml.txt is inaccessible. Some of the most common cases are:
Note: Relative Virtual Addresses (RVAs) of the following functions, relative to the module they are called from (module_base + RVA), on a debug of FortiTray:
Module: sslvpnlib.dll
CreateFileA --> 0x928A2
SHGetFolderPathA --> 0x92825
CFortiTraySslvpn::UpdateConnectingStatus --> 0x7D210
The last one is called every time the percentage changes on the FortiClient Console and is useful for isolating each stage of the connection. |
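The CreateFileA step described above can be checked without a debugger. The following PowerShell script is an added example, not Fortinet code or part of the original article: it opens fortisslvpn_xml.txt with GENERIC_WRITE through CreateFileA and reports the Win32 error if the open fails. The default installation directory, the share mode and the OPEN_EXISTING disposition are assumptions, because the article does not state them, and the class name VpnFileProbe is hypothetical.

```powershell
# Added diagnostic example. Run it as the user who sees the failure at 89%.
param(
    # Assumption: default install directory; pass the real one if it differs.
    [string]$InstallDir = (Join-Path $env:ProgramFiles 'Fortinet\FortiClient')
)

Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class VpnFileProbe {
    const uint GENERIC_WRITE = 0x40000000;    // access right named in the article
    const uint FILE_SHARE_RW = 0x00000003;    // assumption: share mode is not given in the article
    const uint OPEN_EXISTING = 3;             // assumption: chosen so the probe never creates a file
    const uint FILE_ATTRIBUTE_NORMAL = 0x80;

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Ansi)]
    static extern IntPtr CreateFileA(string name, uint access, uint share,
        IntPtr security, uint disposition, uint flags, IntPtr template);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // Returns 0 when the file opens for writing, otherwise the Win32 error code.
    public static int TryOpenForWrite(string path) {
        IntPtr h = CreateFileA(path, GENERIC_WRITE, FILE_SHARE_RW, IntPtr.Zero,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, IntPtr.Zero);
        if (h == new IntPtr(-1)) return Marshal.GetLastWin32Error();
        CloseHandle(h);
        return 0;
    }
}
'@

$file = Join-Path $InstallDir 'fortisslvpn_xml.txt'
$code = [VpnFileProbe]::TryOpenForWrite($file)
if ($code -eq 0) {
    "OK: $file opens with GENERIC_WRITE"
} else {
    $msg = ([System.ComponentModel.Win32Exception]::new($code)).Message
    "FAIL: CreateFileA($file, GENERIC_WRITE) -> Win32 error ${code}: $msg"
}
# Context for a failure: file attributes and the ACL the current user is evaluated against.
if (Test-Path -LiteralPath $file) {
    Get-Item -LiteralPath $file -Force | Select-Object FullName, Attributes, Length
    (Get-Acl -LiteralPath $file).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}
```

Win32 error 2 means the file does not exist yet, 5 means access was denied, and 32 means another process holds the file open in a conflicting share mode.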