Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NothingKai
New Contributor

Error Forticlient stop 80%

Hi Guy,

 

I have an error about forticlient:

 

Unable to logon to the server. Your user name or password may not be configured properly for this connection. (-12)

 

I sure username and pass is right.

 

My 100D ver: v5.4.3,build1111 (GA) 

Forticlient ver: 5.4.2.0860

 

Thanks for help.

 

1 Solution
andrew1
New Contributor II

Hi,

I have solved this issue many times on Windows 2016 Server by adding the exact URL (also include custom port if needed - e.g. https://mysslvpn.domain.dom:10443) for the SSL VPN to the Trusted Sites list in Internet Options (from IE or by running "inetcpl.cpl"). Of course you need to add the URL for every SSL VPN you want to connect to.

This happens even when IE is not the default browser.

 

In all my instances of this issue, I also found out I could check this issue by opening the SSL VPN URL with Internet Explorer. Every time I could not connect to the SSL VPN in Web Mode from Internet Explorer (it displays "This page can't be displayed"), FortiClient was also failing just like the OP describes. (The Web Mode was working just fine on Chrome or Firefox.) The opposite was also true: when IE logged into the Web Mode, FCT was working.

(Of course Web Mode must be enabled for the relevant SSL-VPN Portal for this test to make sense.)

 

I also found this issue on a server with Trusted Sites locked by Group Policy - so I couldn't add a new entry. In the end I was able to solve the issue by resetting Internet Options:

(also see attached image)

[ul]
  • run Internet Options (inetcpl.cpl)
  • select the "Advanced" tab
  • Click on the "Reset..." button
  • flag "Delete personal settings" (I did that - don't know if it is needed)
  • Click "Reset"[/ul]

     

    Summing it up, it is clear that something inside Internet Options is the culprit, but I wasn't able to pinpoint what exactly.

     

    Fortinet support says that FortiClient is designed to take settings from Internet Options. At this point I'd like to know exactly what parameters are in use (I guess I can't ask support because I don't have a valid FortiClient support contract at the moment).

     

    To anyone having this issue, I'd still recommend trying to add the SSL VPN URL to the Trusted Sites before resetting.

     

    Please note that I am using the default certificate for the SSL VPN - but I believe this makes no difference (beyond all the expected warnings).

     

    -a

  • View solution in original post

    19 REPLIES 19
    Bert1
    New Contributor

    And, now it's working again...

    FatehAhmed

    Bert1 wrote:

    Any update on this?  I was unable to connect so I installed version 6.0 of the client and it worked fine.  Then, at the end of the day, I packed up my stuff and went to my hotel (I'm on the road).  When I tried to connect from the hotel, no joy.  I figured that it might be an outgoing port block on the hotel's network so I just left it.  When I got beck to the office again this morning, I still can't connect.  I get to 80% and get that (-12) error.  This is infuriating :(  There is no one in my office so the Fortinet firewall can't have had its configuration changed without my knowledge.

    Hey, I am having the same exact issue. How did it work for you? Please help

    Bert1

    For me, it just started working.  I have no idea why.

     

    On another machine, any attempt to connect will fail at least once - sometimes up to 4 times but usually once.  Then, click "Connect" again, and it works.  The failure in this case is at 10%.

    learellanom

     

     

    Hi Guys.

     

     

    I fixed this problems with this

     

    1. Control Panel -> Internet Options -> Advanced (tab) -> Security -> mark only "Use TLS 1.1" y "Use TLS 1.2"

    2. Control Panel -> Internet Options -> Security (tab) -> Trusted Sites -> Sites put  "add this website to the zone:" https://url_ip_site_gateway

     

     

    Works pretty fine, connects quickly!.

     

    Thanks

     

     

    Infacto

    I get this error every morning an sometimes multiple times on day. 

     

    Credential or ssl vpn configuration is wrong (-7200)

     

    But the credential, the vpn config and the server is ok. 

    FortiClient ****** *****!

     

    Offensive language has been removed from this post.

     

     

    julianforterga

    Your solution helped me, thank you!
    sreedx
    New Contributor

    I was struggling with the same error, your solution fixed my problem.. Thank you Genius!!

    Pratheep94

    Hello,

    How do I find my exact URL?

    Kindly help

    andyloe
    New Contributor

    Hey =) 

     

    Unfortunately, I have the same basic problem. Error Forticlient stop 80% I have already implemented all the suggested solutions including Internet Explorer Settings or configuration enabled TLSv1.1 etc.

    it says in the log "diag debug app fnbamd -1". invalid auth params for user 'vpn_test'. The user "vpn_test" is a local user and I didn't add any SSO or PKI or Domain

    My Forti is a FGT60D v6.0.13 build0443 (GA) FortiClient is v6.0.13 build0443 (GA

    Who can help me please, I am at the end of my knowledge

    Christian_89
    Contributor III

    The error message "Unable to logon to the server. Your user name or password may not be configured properly for this connection. (-12)" in FortiClient, coupled with the issue of the connection stopping at 80%, is a relatively common issue that can be caused by several factors. Here's a systematic approach to diagnosing and resolving the problem:

    ### 1. **Check User Credentials**
    - Ensure that the username and password are correct.
    - Verify that the user account is not locked or disabled on the FortiGate device.

    ### 2. **Verify SSL-VPN Settings on FortiGate**
    - Check the SSL-VPN settings on your FortiGate 100D device.
    - Verify that the user account is assigned to the correct SSL-VPN portal and has the necessary permissions.

    ### 3. **Update FortiClient**
    - The versions of FortiGate and FortiClient you're using are relatively old. Consider updating both to a compatible and supported version, as there might be known issues with those particular builds.

    ### 4. **Inspect Logs**
    - Review the FortiGate logs related to SSL-VPN connections. This can provide more detailed information about the failure.
    - Check the FortiClient logs as well. You can find them typically under "C:\Program Files (x86)\Fortinet\FortiClient\logs" on a Windows machine.

    ### 5. **Try a Different FortiClient Version**
    - Sometimes, compatibility issues between specific FortiClient and FortiGate versions can cause problems. You might try using a different version of FortiClient that is known to work with your FortiGate version.

    ### 6. **Check Firewall Policies and Routing**
    - Ensure that the firewall policies are correctly configured to allow the SSL-VPN traffic.
    - Verify that the routing is correctly configured so that the FortiClient can reach the FortiGate device.

    ### 7. **Recreate the SSL-VPN Configuration**
    - As a last resort, you might consider recreating the SSL-VPN configuration on the FortiGate device. Sometimes, configuration errors or corruptions can lead to issues that are resolved by starting fresh.

    ### 8. **Contact Fortinet Support**
    - If the issue persists, consider reaching out to Fortinet Support. They can provide expert assistance tailored to your specific configuration and environment.

    Remember, working with security devices and VPN configurations requires careful consideration of the potential impacts on your network's security and functionality. Always proceed with caution, and consider involving IT or network security professionals if you're unsure about any of the steps.

    Labels
    Top Kudoed Authors