- Fortinet Forum
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiSandbox
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- Customer Service
Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Fortinet Forum
- Re: FortiOS 6.0 SSL VPN Host Check Windows 10 fail...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
FortiOS 6.0 SSL VPN Host Check Windows 10 fails
Hello i'm trying to login to our SSL VPN Web Portal and im getting "PC does not meet host checking requirements". the pc is running Windows 10 Verison: 1709. below is my diag output:
Fortinetgateway # [191:root:2b]allocSSLConn:280 sconn 0x561cb400 (0:root)
[190:root:2c]allocSSLConn:280 sconn 0x560e9400 (0:root)
[191:root:2b][192:root:2b]SSL state:before SSL initialization (172.168.1.3)
allocSSLConn:280 sconn 0x561cb400 (0:root)
[191:root:2b]SSL state:before SSL initialization (172.168.1.3)
[191:root:2b]SSL state:SSLv3/TLS read client hello (172.168.1.3)
[192:root:2b][191:root:2b]SSL state:before SSL initialization (172.168.1.3)
[192:root:2b]SSL state:before SSL initialization (172.168.1.3)
SSL state:SSLv3/TLS write server hello (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS read client hello (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS write server hello (172.168.1.3)
[190:root:2c]SSL state:before SSL initialization (172.168.1.3)
[190:root:2c]SSL state:before SSL initialization (172.168.1.3)
[190:root:2c]SSL state:SSLv3/TLS read client hello (172.168.1.3)
[190:root:2c]SSL state:SSLv3/TLS write server hello (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS write certificate (172.168.1.3)
[190:root:2c]SSL state:SSLv3/TLS write certificate (172.168.1.3)
[191:root:2b]SSL state:SSLv3/TLS write certificate (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS write key exchange (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)
[191:root:2b]SSL state:SSLv3/TLS write key exchange (172.168.1.3)
[191:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)
[191:root:2b]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)
[190:root:2c]SSL state:SSLv3/TLS write key exchange (172.168.1.3)
[190:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)
[190:root:2c]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)
[191:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)
[190:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS read client key exchange (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS read finished (172.168.1.3)
[191:root:2b]SSL state:SSLv3/TLS read client key exchange (172.168.1.3)
[192:root:2b]SSL state:SSLv3/TLS write session ticket (172.168.1.3)
[192:root:2b][191:root:2b]SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)
SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)
[191:root:2b][192:root:2b]SSL state:SSLv3/TLS read finished (172.168.1.3)
SSL state:SSLv3/TLS write finished (172.168.1.3)
[190:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)
SSL state:SSLv3/TLS read client key exchange (172.168.1.3)
[192:root:2b]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
[191:root:2b]SSL state:SSLv3/TLS write session ticket (172.168.1.3)
[190:root:2c][192:root:2b][191:root:2b]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)
SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)
[190:root:2c]SSL state:SSLv3/TLS read finished (172.168.1.3)
[191:root:2b]SSL state:SSLv3/TLS write finished (172.168.1.3)
[190:root:2c]SSL state:SSLv3/TLS write session ticket (172.168.1.3)
[190:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)
SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)
[191:root:2b]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
[190:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)
[190:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)
[190:root:2c]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
[192:root:2b]req: /remote/login?lang=en
[192:root:2b]rmt_web_auth_info_parser_common:439 no session id in auth info
[192:root:2b]rmt_web_get_access_cache:760 invalid cache, ret=4103
[192:root:2b]req: /css/main-blue.css
[192:root:2b]mza: 0x134c7d8 /css/main-blue.css
[191:root:2b]req: /sslvpn/js/login.js?q=717f435f6e4f169b34
req: /remote/fgt_lang?lang=en
[191:root:2b]mza: 0x134c7b0 /sslvpn/js/login.js
[192:root:2b]req: /fonts/lato-regular.woff
[192:root:2b]def: 0x134c748 /fonts/lato-regular.woff
[191:root:2b]req: /fonts/lato-bold.woff
[191:root:2b]def: 0x134c748 /fonts/lato-bold.woff
[192:root:2b]req: /fonts/ftnt-icons.woff
[192:root:2b]def: 0x134c748 /fonts/ftnt-icons.woff
[191:root:2c]allocSSLConn:280 sconn 0x561cbd00 (0:root)
[191:root:2c]SSL state:before SSL initialization (172.168.1.3)
[191:root:2c]SSL state:before SSL initialization (172.168.1.3)
[191:root:2c]SSL state:SSLv3/TLS read client hello (172.168.1.3)
[191:root:2c]SSL state:SSLv3/TLS write server hello (172.168.1.3)
[191:root:2c]SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)
[191:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)
[191:root:2c]SSL state:SSLv3/TLS write finished:system lib(172.168.1.3)
[191:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)
[191:root:2c]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)
[191:root:2c]SSL state:SSLv3/TLS read finished (172.168.1.3)
[191:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)
[191:root:2c]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
[190:root:2c]req: /remote/logincheck
[190:root:2c]rmt_web_auth_info_parser_common:439 no session id in auth info
[190:root:2c]rmt_web_access_check:686 access failed, uri=[/remote/logincheck],ret=4103,
[190:root:2c]rmt_logincheck_cb_handler:900 user 'horchemg' has a matched local entry.
[190:root:2c]sslvpn_auth_check_usrgroup:1770 forming user/group list from policy.
[190:root:2c]sslvpn_auth_check_usrgroup:1812 got user (0) group (2:0).
[190:root:2c]sslvpn_validate_user_group_list:1440 validating with SSL VPN authentication rules (1), realm ().
[190:root:2c]sslvpn_validate_user_group_list:1488 checking rule 1 cipher.
[190:root:2c]sslvpn_validate_user_group_list:1496 checking rule 1 realm.
[190:root:2c]sslvpn_validate_user_group_list:1507 checking rule 1 source intf.
[190:root:2c]sslvpn_validate_user_group_list:1546 checking rule 1 vd source intf.
[190:root:2c]sslvpn_validate_user_group_list:1618 rule 1 done, got user (0) group (1:0).
[190:root:2c]sslvpn_validate_user_group_list:1706 got user (0), group (2:0).
[190:root:2c]two factor check for horchemg: off
[190:root:2c]sslvpn_authenticate_user:167 authenticate user: [horchemg]
[190:root:2c]sslvpn_authenticate_user:174 create fam state
[190:root:2c]fam_auth_send_req:577 with server blacklist:
[190:root:2c]fam_auth_send_req_internal:449 fnbam_auth return: 4
[190:root:2c]Auth successful for group Users_W_and_I
[190:root:2c]fam_do_cb:479 fnbamd return auth success.
[190:root:2c]SSL VPN login matched rule (0).
[190:root:2c]rmt_web_session_create:764 create web session, idx[0]
[192:root:2b]Timeout for connection 0x561cb400.
[192:root:2b]Destroy sconn 0x561cb400, connSize=0. (root)
[191:root:2b]Timeout for connection 0x561cb400.
[191:root:2b]Destroy sconn 0x561cb400, connSize=1. (root)
[191:root:2c]Timeout for connection 0x561cbd00.
[191:root:2c]Destroy sconn 0x561cbd00, connSize=0. (root)
[190:root:2c]req: /remote/hostcheck_install?auth_type=16&u
[190:root:2c]rmt_hcinstall_cb_handler:450 remote check failed
[190:root:0]sslvpn_internal_remove_one_web_session:2681 web session (root:horchemg:Users_W_and_I:172.168.1.3:0 0) removed for Server terminated session normally
[190:root:2c]req: /sslvpn/css/ssl_style.css
[190:root:2c]mza: 0x134c7e0 /sslvpn/css/ssl_style.css
[192:root:2c]allocSSLConn:280 sconn 0x561cb400 (0:root)
[192:root:2c]SSL state:before SSL initialization (172.168.1.3)
[192:root:2c]SSL state:before SSL initialization (172.168.1.3)
[192:root:2c][190:root:2c]SSL state:SSLv3/TLS read client hello (172.168.1.3)
req: /remote/fgt_lang?lang=en
[192:root:2c]SSL state:SSLv3/TLS write server hello (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS write certificate (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS write key exchange (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS read client key exchange (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS read finished (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS write session ticket (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)
[192:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)
[192:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)
[192:root:2c]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
[190:root:2c]rmt_check_conn_session:1975 delete connection 0x560e9400 w/ web session 0
[190:root:2c]Destroy sconn 0x560e9400, connSize=0. (root)
[192:root:2c]epollFdHandler,569, sconn=0x561cb400[12,-1,-1,-1,-1], fd=12, event=25.
[192:root:2c]epollFdHandler:639 s: 0x561cb400 event: 0x19
[192:root:2c]Destroy sconn 0x561cb400, connSize=0. (root)
Any ideas on how to fix this? Thanks.
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi,
I'm having a very similar problem.
I have solved by adding the EXACT URL for the SSL VPN to the Trusted Sites in inetcpl.cpl.
EDITED to add: this may be relevant: [link]https://forum.fortinet.com/tm.aspx?m=145662[/link]
Labels
-
FortiGate
1,595 -
5.2
801 -
5.4
639 -
6.0
416 -
5.6
362 -
FortiClient
348 -
6.2
251 -
FortiManager
234 -
5.0
196 -
6.4
128 -
FortiMail
121 -
FortiAnalyzer
113 -
FortiAP
77 -
FortiAuthenticator
67 -
4.0MR3
64 -
FortiSwitch
62 -
FortiWeb
48 -
FortiGuard
24 -
Customer Service
23 -
FortiToken
23 -
FortiSIEM
20 -
FortiCloud Products
19 -
FortiGateCloud
18 -
Wireless Controller
15 -
FortiADC
14 -
FortiVoice
13 -
FortiSandbox
12 -
FortiNAC
12 -
FortiSwitch v6.4
10 -
FortiGate v5.4
9 -
4.0MR2
9 -
4.0
7 -
FortiSwitch v6.2
6 -
FortiDNS
6 -
FortiConverter
6 -
FortiExtender
6 -
FortiClient EMS
6 -
FortiWAN
6 -
FortiEDR
5 -
FortiAnalyzer v5.0
4 -
FortiGate v5.2
4 -
FortiProxy
4 -
3.6
4 -
RMA Information and Announcements
4 -
FortiCASB
3 -
FortiDDoS
3 -
FortiSoar
3 -
FortiMonitor
3 -
FortiPortal
2 -
FortiGate v5.0
2 -
FortiConnect
2 -
FortiCarrier
2 -
FortiBridge
1 -
4.0MR1
1 -
FortiRecorder
1 -
FortiScan
1 -
FortiDB
1 -
FortiDirector
1 -
FortiInsight
1 -
FortiWeb v5.0
1 -
FortiCWP
1
News & Articles
Security Research
Company
- Copyright 2021 Fortinet, Inc. All Rights Reserved.
- Terms of Service
- Privacy Policy
- GDPR