Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kig_admin
New Contributor

FortiClient VPN Clients forgetting credentials

Hi,

 

Bit of a newbie, please be kind :)

 

In our office, we use IPSec VPN for users to tunnel into our office network, to enable users to WFH. We have a few users who have reported that their FortiClient VPN clients (Windows 10 clients) credentials have started disappearing randomly.

 

What I have narrowed down so far -
1. Client attempts a connection, but cancels the attempt before the OTP is keyed in (or before the connection is completed)
2. Client either shuts down or restarts their computer while the VPN connection was "ON".
3. Client system's Windows update happens and it restarts the laptop or desktop even though the VPN was disconnected, the VPN client loses the user credentials.

4. In a few random instances, it just disappears for no reason what-so-ever.

 

We have upgraded all the clients to use FortiClient v7.0.2.0090 for connecting into the office, to reduce any cross-version compatibility issues.

FortiClient installation path (C:\Program Files\FortiClient) and FortiClient binaries have already been added to antivirus exclusion paths (Kaspersky/Microsoft Defender).

 

However, The credentials still randomly disappear.

 

Any other suggestion? Or any possible solutions?

6 REPLIES 6
isamt
Contributor

Are the user credentials disappearing in Foriclient 7.0.2 or the version you upgraded from? 

kig_admin

The credentials were disappearing in older versions too. But the frequency has increased in the past two or three months.

Thinking it could have been something to do with older versions, etc, I upgraded all the users to 7.0.2.0090, however, it still keeps happening.

isamt
Contributor

When you say the credentials are disappearing are you talking about the vpn tunnel configuration disappearing? 

I would check your EMS server configuration. If you have multiple EMS servers check that clients are not registered on another EMS server.

I have seen something similar where clients are registered on different EMS servers. When they are on line their config changes based on which EMS sends them an update.

You should also check and remove any remembered EMS servers on the client that are not relevant. 

kig_admin

Hi, No EMS servers here :) We're using the "free" version of the FortiClient VPN client.

 

And not the entire tunnel config, just the VPN Username and VPN password keeps disappearing.

isamt
Contributor

I have not used the free version but I assume you have configured save login and password

You can export the config and then check that the setting is actually applied.

If not you can set in the xml file and then restore the config and test again

 

kig_admin

Yup, it's configured to save login and password. I have noticed, however, when the client "forgets" the credentials, if i go to the registry key HKCU\Software\Forticlient\IPSec\Tunnels\<tunnel_name>, the "save_username" key is always 0 and however many times change it to 1 and restart, the setting changes to 0.

 

Edited for clarity using italics.