FortiGate
navellano
Staff
Article Id 325066
Description This article describes how to rectify the error 'credentials or sslvpn configuration is wrong (-7200)' when 2FA is enabled in the SSL VPN connection.
Scope FortiGate v6.2 and below.
Solution

The issue mainly occurred on FortiGate v6.2 with 2FA enabled.

When 2FA is enabled, the correct behavior is that the user receives a notification code for the two-factor authentication once the credentials have been entered. In this instance, however, the user received no 2FA prompt and instead received an error.

 


 

The best action to take at this point is to run an SSL VPN and fnbamd debug to get more detail on what is occurring. The steps to run this debug and interpret its output are in this article: Technical Tip: FortiGate debug SSL VPN daemon - Fortinet Community.

 

In some cases, another troubleshooting step is to manually enter the token code, appended to the password, during authentication. The format is 'password+2FA'.

 

Example:

  • Password: 'Test'.
  • Token code: '1234'.

 

When logging in at the authentication prompt, the user should use the format 'password+2FA', which in this example means typing 'Test1234'.

If this ends up solving the issue, investigate how 2FA is configured in the FortiGate. If using a RADIUS server for the token, there may be a timeout expiring before the user is able to put the token in and complete the authentication. This article goes over the timers on the FortiGate side; there may be equivalent timers that need to be changed on the RADIUS side: 
Technical Tip: SSL VPN and two-factor expiry timers
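
The debug capture and timer check described above, written out as a FortiOS CLI session. This is an added example, not part of the original article: the RADIUS entry is whatever is configured on the unit, the value 60 is an illustrative number, and the choice of `remoteauthtimeout` and the RADIUS `timeout` as the timers to inspect is an assumption about which timers apply.

```fortios
# Added illustration. Lines starting with '#' are annotations for the reader.

# 1. Clear any earlier debug settings and timestamp the output.
diagnose debug reset
diagnose debug console timestamp enable

# 2. Enable verbose output for the SSL VPN daemon and the authentication daemon.
diagnose debug application sslvpn -1
diagnose debug application fnbamd -1
diagnose debug enable

# 3. Reproduce the failing login from the VPN client, then stop the capture.
#    The output can include usernames and client addresses; handle it as sensitive.
diagnose debug disable
diagnose debug reset

# 4. Check how long FortiGate waits for a remote authentication server to answer.
get system global | grep remoteauthtimeout

# 5. Check the timeout set on the configured RADIUS server entries.
show full-configuration user radius | grep timeout

# 6. If the wait is shorter than the time a user needs to enter the token,
#    raise it. 60 seconds is an example value, not a recommendation from the article.
config system global
    set remoteauthtimeout 60
end
```

Leave the debug running only for the duration of one reproduced login, since verbose daemon debugging on a busy unit produces a large volume of output.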