bvagadia
Staff
Article Id 203863
Description This article describes the 'Authentication failed' message received while accessing a bookmark.
Scope FortiOS.
Solution

Users access the SSL-VPN in web mode from Chrome, Firefox, or any other browser, enter their username and password, go to 'Bookmark', and select the bookmark.


Instead of connecting, the bookmark redirects to an authentication screen. The users enter their username and password there and get the error 'Authentication failed'.

 

Take the SSL-VPN debug and check whether the message below appears.

 

[3171:External:379]rdp:debug:librdp_ctx_create:150 got user name: Maor
password len: 8
domain :
[3171:External:379]rdp:info :librdp_set_tz_bias:219 set tz bias 120 mins
[3171:External:379]rdp:debug:librdp_form_connection_request:429 Attempting TLS ...
[3171:External:379]rdp:debug:librdp_switch_to_send_state:48 Switch to state LIBRDP_NEGO_SEND
[3171:External:379]rdp:debug:librdp_nego_goto_next_state:652 Switch to state LIBRDP_NEGO_RESP.
[3171:External:379]rdp:error:nego_process_negotiation_failure:760 5:The server requires that the client support Enhanced RDP Security (section 5.4) with CredSSP (section 5.4.5.2). <<<<<
[3171:External:379]rdp:error:librdp_nego:96 send connection request failed.
[3171:External:379]FRDS:librdp_process_loop() failed.

 

This means that the client needs to use NLA.

Network-Level Authentication (NLA) is an RDP feature that aims to mitigate Man-In-The-Middle (MITM) attacks.

 

It uses CredSSP, which is why this error is visible.
Set the bookmark in FortiGate to use NLA and test again.

 

If the issue is still there, log a case to TAC.
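To check a longer debug capture for this condition, the following added example (not Fortinet code) scans the output for RDP negotiation failures and names the failure code using the values defined in MS-RDPBCGR, where code 5 is the NLA/CredSSP case shown above. It assumes that lines belonging to one connection share the same bracketed prefix; the second connection in the sample is constructed.

```python
import re

# failureCode values of the RDP Negotiation Failure PDU (MS-RDPBCGR 2.2.1.2.2).
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",  # CredSSP (NLA) required: the case in this article
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}

# Assumption: the "[...]" prefix is identical for all lines of one connection.
PREFIX = r"^\[(?P<tag>[^\]]+)\]rdp:"
USER_RE = re.compile(PREFIX + r"debug:librdp_ctx_create:\d+ got user name: (?P<user>\S+)")
FAIL_RE = re.compile(PREFIX + r"error:nego_process_negotiation_failure:\d+ (?P<code>\d+):")

def find_nego_failures(debug_text):
    """Return one record per RDP negotiation failure found in the debug text."""
    users, findings = {}, []
    for line in debug_text.splitlines():
        line = line.strip()
        if (m := USER_RE.match(line)):
            users[m["tag"]] = m["user"]          # remember who opened this connection
        elif (m := FAIL_RE.match(line)):
            code = int(m["code"])
            findings.append({
                "tag": m["tag"],
                "user": users.get(m["tag"]),     # None if the user line was not captured
                "code": code,
                "name": FAILURE_CODES.get(code, "UNKNOWN"),
                "nla_required": code == 5,       # bookmark must be set to NLA
            })
    return findings

# First connection: lines from the article. Second connection: constructed sample.
SAMPLE = """\
[3171:External:379]rdp:debug:librdp_ctx_create:150 got user name: Maor
[3171:External:379]rdp:debug:librdp_form_connection_request:429 Attempting TLS ...
[3171:External:379]rdp:error:nego_process_negotiation_failure:760 5:The server requires that the client support Enhanced RDP Security (section 5.4) with CredSSP (section 5.4.5.2). <<<<<
[3171:External:379]rdp:error:librdp_nego:96 send connection request failed.
[3172:External:37a]rdp:error:nego_process_negotiation_failure:760 2:constructed message text
"""

if __name__ == "__main__":
    for f in find_nego_failures(SAMPLE):
        print(f["tag"], f["user"], f["code"], f["name"], "NLA required" if f["nla_required"] else "")
```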
