Sebastiaan_Koopmans
Contributor II

FortiClient EMS Internal Server error after upgrade 1.2

Hi,

 

We upgraded EMS from 1.05 to 1.2 but after upgrading we get the error below when we go to the console/webgui

 

Anyone an idea what to do?

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at admin@yourcompany.com to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

5 Solutions
Sebastiaan_Koopmans

Hi Steve,

No i dont now an Bug ID yet... it should be possible to upgrade (stated in the release notes) but on the moment its not possible.

 

See latest TAC reaction on our ticket below:

 

Issue that you face is already reported to engineering , once we have a feedback we will get back to you with further information

 

I will keep you updated.

 

Sebastiaan

 

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

View solution in original post

Sebastiaan_Koopmans

After the failed upgrade we reversed back to Original state (VMWare Snapshot).

 

We already had the chance to test the Beta of 1.2 and i can say there are a lot of nice changes/new features :)

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

View solution in original post

Sebastiaan_Koopmans

Hi Steve,

 

I have received some additional information.

 

The problem only occures when you are using advanced XML profiles (we are using those) so if you are using basic profiles you can try the upgrade (Make snapshot first )

 

Keep you updated

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

View solution in original post

Sebastiaan_Koopmans

Latest TAC reply:

 

Dear Customer ,  Good news! . The fix for this ready and should be rolled in the next patch release by end of Next week . If not I will confirm from our QA/Development team and provide an interim build ,as these builds are not usually good for production enviroments. For now the ticket will be moved to WaitGArelease.

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

View solution in original post

Carl_Wallmark
Valued Contributor

Heads up!

 

I upgraded EMS from 1.2.0 to 1.2.1 and it removed the keyword "prompt_username" from every SSLVPN tunnel.

And when it was gone, you could not right click on the tunnel in the lower right corner anymore, (fast way to open tunnel), you received an error saying "username cannot be blank".

 

Workaround is to manually add the keyword to the XML:

<prompt_username>1</prompt_username> 

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

View solution in original post

19 REPLIES 19
IUseFGT

They are suppose to be coming out with a fix very soon.  Probably version 1.2.1

SteveG

Many thanks for coming back, we don't use advanced profiles so that's good news.

Sebastiaan_Koopmans

@IUseFGT

 

The procedure as described will held all the data (Clients,Policy's,  settings et"c) intact?

 

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

SteveG

Well I upgraded from 1.0.5 to 1.2 last night, the upgrade went well. Server came up ok and the EMS web interface was operational. However after 4 hours of waiting, poking and prodding not a single FortiClient had successfully sync'd (we have around 1,200). So had to revert to the 1.0.5 snapshot. Ticket now with Fortinet :o

Sebastiaan_Koopmans

Hi Steve,

 

Thanks for sharing your experience, my ticket status about the upgrade has changed to Pending bugfix.

 

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

SteveG
Contributor III

Just in case anyone has the same issue here's what TAC told me. When upgrading from EMS 1.0.5 to 1.2 all FortiClients must be uninstalled and re-installed. I've pushed back on this as this isn't very practical! 

 

Having said that post upgrade I did uninstall then re-install FC using a 1.2 build and it still wouldn't sync so I'm not convinced by this response. 

Sebastiaan_Koopmans

Latest TAC reply:

 

Dear Customer ,  Good news! . The fix for this ready and should be rolled in the next patch release by end of Next week . If not I will confirm from our QA/Development team and provide an interim build ,as these builds are not usually good for production enviroments. For now the ticket will be moved to WaitGArelease.

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

Sebastiaan_Koopmans

EMS 1.2.1 is out! 

 

Upgraded it from 1.05 tot 1.2.1 and it works now!!

 

Only new issue now: all advanced XML profiles giving errors about "Failed to upgrade"

 

Added new info to our support ticket.

 

Keep you informed

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

Carl_Wallmark
Valued Contributor

Heads up!

 

I upgraded EMS from 1.2.0 to 1.2.1 and it removed the keyword "prompt_username" from every SSLVPN tunnel.

And when it was gone, you could not right click on the tunnel in the lower right corner anymore, (fast way to open tunnel), you received an error saying "username cannot be blank".

 

Workaround is to manually add the keyword to the XML:

<prompt_username>1</prompt_username> 

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

Sebastiaan_Koopmans

Hi Guys,

 

We did some investigation on our profile upgrade issue when we upgrade from 1.05 to 1.2.1

 

We had added in our advanced XML an vpn option on_connect and on_disconnect , we have removed that before upgrade and then upgraded ems.

Profiles are now upgraded and then we added it again and works like charm again. (option is now in gui also possible instead of only throught advanced XML)

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0