FortiGate
sakuraju
Staff
Article Id 377937
Description

This article describes an issue where users fail to connect to SSL VPN with the error 'fnbam_auth_update_result return: 11 (too may login attempts)'.

Scope

FortiGate v7.x.
Solution

A local user without MFA cannot connect to an SSL VPN. The SSL VPN debugs show 'too many login attempts'. 

 

[180:root:1502010]sslvpn_authenticate_user:221 create fam state
[180:root:1502010][fam_auth_send_req_internal:432] Groups sent to FNBAM:
[180:root:1502010]group_desc[0].grpname = test-usergroup
[180:root:1502010][fam_auth_send_req_internal:444] FNBAM opt = 0X200420
[180:root:1502010]fam_auth_send_req_internal:513 fnbam_auth return: 4
[180:root:1502010]fam_auth_proc_resp:1365 fnbam_auth_update_result return: 11 (too may login attempts)
[180:root:1502010]login_failed:480 user[test],auth_type=1 failed [sslvpn_login_unknown_user]
[180:root:1502010]Transfer-Encoding n/a
[180:root:1502010]Content-Length 237
[180:root:1502010]Timeout for connection 0x7f6d08471000.

 

Check whether the user's public IP is listed in the SSL VPN blocklist, and remove it if it is:

 

diagnose vpn ssl blocklist list

diagnose vpn ssl blocklist del <user's_public_ip>

 

If the user's IP is not listed in the blocklist and the above errors persist, restart the fnbamd process.

 

fnsysctl killall fnbamd
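
When a saved debug capture covers many connections, the lockout case can be separated from other failures by correlating each login_failed line with the fnbam_auth_update_result code logged just before it, since login_failed reports 'sslvpn_login_unknown_user' even when the cause is the attempt limit. The following Python sketch is an added example, not Fortinet code; it assumes the bracketed line prefix identifies one connection, and the second connection in the sample is constructed.

```python
import re
from collections import defaultdict

# The article's debug lines, plus a second connection that is constructed
# for contrast (its user name and return text are not real FortiOS output).
SAMPLE = """\
[180:root:1502010]sslvpn_authenticate_user:221 create fam state
[180:root:1502010]group_desc[0].grpname = test-usergroup
[180:root:1502010]fam_auth_send_req_internal:513 fnbam_auth return: 4
[180:root:1502010]fam_auth_proc_resp:1365 fnbam_auth_update_result return: 11 (too may login attempts)
[180:root:1502010]login_failed:480 user[test],auth_type=1 failed [sslvpn_login_unknown_user]
[180:root:1502011]group_desc[0].grpname = test-usergroup
[180:root:1502011]fam_auth_proc_resp:1365 fnbam_auth_update_result return: 1 (constructed)
[180:root:1502011]login_failed:480 user[alice],auth_type=1 failed [constructed_reason]
"""

PREFIX = re.compile(r"^\[([^\]]+)\](.*)$")
GROUP = re.compile(r"group_desc\[\d+\]\.grpname = (\S+)")
RESULT = re.compile(r"fnbam_auth_update_result return: (\d+)")
FAILED = re.compile(r"login_failed:\d+ user\[([^\]]*)\],auth_type=\d+ failed \[([^\]]*)\]")
LOCKOUT_CODE = 11  # the return value shown in the article's debug output


def triage(debug_text):
    """Return one record per failed login, correlated by bracketed line prefix."""
    conns = defaultdict(lambda: {"groups": [], "code": None})
    findings = []
    for line in debug_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not a debug line in the expected shape
        conn, msg = m.groups()
        state = conns[conn]
        if g := GROUP.search(msg):
            state["groups"].append(g.group(1))
        elif r := RESULT.search(msg):
            state["code"] = int(r.group(1))
        elif f := FAILED.search(msg):
            findings.append({"conn": conn, "user": f.group(1), "reason": f.group(2),
                             "groups": state["groups"], "code": state["code"],
                             "lockout": state["code"] == LOCKOUT_CODE})
            del conns[conn]  # next attempt on this prefix starts clean
    return findings


if __name__ == "__main__":
    for rec in triage(SAMPLE):
        verdict = "LOCKOUT: check blocklist" if rec["lockout"] else "other failure"
        print(f'{rec["user"]:<8} code={rec["code"]} reason={rec["reason"]} -> {verdict}')
```

Records flagged as lockout are the ones the blocklist check and fnbamd restart above apply to; the rest need ordinary credential or group troubleshooting.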

 

Related articles:

Technical Tip: How to limit SSL VPN login attempts and block duration
Technical Tip: How to permanently block SSL VPN failed logins using an Automation Stitch