Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ghorchem
New Contributor III

FortiOS 6.0 SSL VPN Host Check Windows 10 fails

Hello i'm trying to login to our SSL VPN Web Portal and im getting "PC does not meet host checking requirements". the pc is running Windows 10 Verison: 1709. below is my diag output:

 

Fortinetgateway # [191:root:2b]allocSSLConn:280 sconn 0x561cb400 (0:root)

[190:root:2c]allocSSLConn:280 sconn 0x560e9400 (0:root)

[191:root:2b][192:root:2b]SSL state:before SSL initialization (172.168.1.3)

allocSSLConn:280 sconn 0x561cb400 (0:root)

[191:root:2b]SSL state:before SSL initialization (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS read client hello (172.168.1.3)

[192:root:2b][191:root:2b]SSL state:before SSL initialization (172.168.1.3)

[192:root:2b]SSL state:before SSL initialization (172.168.1.3)

SSL state:SSLv3/TLS write server hello (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS read client hello (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write server hello (172.168.1.3)

[190:root:2c]SSL state:before SSL initialization (172.168.1.3)

[190:root:2c]SSL state:before SSL initialization (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS read client hello (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write server hello (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write certificate (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write certificate (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write certificate (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write key exchange (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write key exchange (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write key exchange (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write server done (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS read client key exchange (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS read finished (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS read client key exchange (172.168.1.3)

[192:root:2b]SSL state:SSLv3/TLS write session ticket (172.168.1.3)

[192:root:2b][191:root:2b]SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

[191:root:2b][192:root:2b]SSL state:SSLv3/TLS read finished (172.168.1.3)

SSL state:SSLv3/TLS write finished (172.168.1.3)

[190:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

SSL state:SSLv3/TLS read client key exchange (172.168.1.3)

[192:root:2b]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[191:root:2b]SSL state:SSLv3/TLS write session ticket (172.168.1.3)

[190:root:2c][192:root:2b][191:root:2b]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS read finished (172.168.1.3)

[191:root:2b]SSL state:SSLv3/TLS write finished (172.168.1.3)

[190:root:2c]SSL state:SSLv3/TLS write session ticket (172.168.1.3)

[190:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

[191:root:2b]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[190:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)

[190:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

[190:root:2c]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[192:root:2b]req: /remote/login?lang=en

[192:root:2b]rmt_web_auth_info_parser_common:439 no session id in auth info

[192:root:2b]rmt_web_get_access_cache:760 invalid cache, ret=4103

[192:root:2b]req: /css/main-blue.css

[192:root:2b]mza: 0x134c7d8 /css/main-blue.css

[191:root:2b]req: /sslvpn/js/login.js?q=717f435f6e4f169b34

req: /remote/fgt_lang?lang=en

[191:root:2b]mza: 0x134c7b0 /sslvpn/js/login.js

[192:root:2b]req: /fonts/lato-regular.woff

[192:root:2b]def: 0x134c748 /fonts/lato-regular.woff

[191:root:2b]req: /fonts/lato-bold.woff

[191:root:2b]def: 0x134c748 /fonts/lato-bold.woff

[192:root:2b]req: /fonts/ftnt-icons.woff

[192:root:2b]def: 0x134c748 /fonts/ftnt-icons.woff

[191:root:2c]allocSSLConn:280 sconn 0x561cbd00 (0:root)

[191:root:2c]SSL state:before SSL initialization (172.168.1.3)

[191:root:2c]SSL state:before SSL initialization (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS read client hello (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write server hello (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write finished:system lib(172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

[191:root:2c]SSL state:SSLv3/TLS read finished (172.168.1.3)

[191:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

[191:root:2c]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[190:root:2c]req: /remote/logincheck

[190:root:2c]rmt_web_auth_info_parser_common:439 no session id in auth info

[190:root:2c]rmt_web_access_check:686 access failed, uri=[/remote/logincheck],ret=4103,

[190:root:2c]rmt_logincheck_cb_handler:900 user 'horchemg' has a matched local entry.

[190:root:2c]sslvpn_auth_check_usrgroup:1770 forming user/group list from policy.

[190:root:2c]sslvpn_auth_check_usrgroup:1812 got user (0) group (2:0).

[190:root:2c]sslvpn_validate_user_group_list:1440 validating with SSL VPN authentication rules (1), realm ().

[190:root:2c]sslvpn_validate_user_group_list:1488 checking rule 1 cipher.

[190:root:2c]sslvpn_validate_user_group_list:1496 checking rule 1 realm.

[190:root:2c]sslvpn_validate_user_group_list:1507 checking rule 1 source intf.

[190:root:2c]sslvpn_validate_user_group_list:1546 checking rule 1 vd source intf.

[190:root:2c]sslvpn_validate_user_group_list:1618 rule 1 done, got user (0) group (1:0).

[190:root:2c]sslvpn_validate_user_group_list:1706 got user (0), group (2:0).

[190:root:2c]two factor check for horchemg: off

[190:root:2c]sslvpn_authenticate_user:167 authenticate user: [horchemg]

[190:root:2c]sslvpn_authenticate_user:174 create fam state

[190:root:2c]fam_auth_send_req:577 with server blacklist:

[190:root:2c]fam_auth_send_req_internal:449 fnbam_auth return: 4

[190:root:2c]Auth successful for group Users_W_and_I

[190:root:2c]fam_do_cb:479 fnbamd return auth success.

[190:root:2c]SSL VPN login matched rule (0).

[190:root:2c]rmt_web_session_create:764 create web session, idx[0]

[192:root:2b]Timeout for connection 0x561cb400.

[192:root:2b]Destroy sconn 0x561cb400, connSize=0. (root)

[191:root:2b]Timeout for connection 0x561cb400.

[191:root:2b]Destroy sconn 0x561cb400, connSize=1. (root)

[191:root:2c]Timeout for connection 0x561cbd00.

[191:root:2c]Destroy sconn 0x561cbd00, connSize=0. (root)

[190:root:2c]req: /remote/hostcheck_install?auth_type=16&u

[190:root:2c]rmt_hcinstall_cb_handler:450 remote check failed

[190:root:0]sslvpn_internal_remove_one_web_session:2681 web session (root:horchemg:Users_W_and_I:172.168.1.3:0 0) removed for Server terminated session normally

[190:root:2c]req: /sslvpn/css/ssl_style.css

[190:root:2c]mza: 0x134c7e0 /sslvpn/css/ssl_style.css

[192:root:2c]allocSSLConn:280 sconn 0x561cb400 (0:root)

[192:root:2c]SSL state:before SSL initialization (172.168.1.3)

[192:root:2c]SSL state:before SSL initialization (172.168.1.3)

[192:root:2c][190:root:2c]SSL state:SSLv3/TLS read client hello (172.168.1.3)

req: /remote/fgt_lang?lang=en

[192:root:2c]SSL state:SSLv3/TLS write server hello (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write certificate (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write key exchange (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write server done:system lib(172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write server done (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS read client key exchange (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS read change cipher spec (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS read finished (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write session ticket (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write change cipher spec (172.168.1.3)

[192:root:2c]SSL state:SSLv3/TLS write finished (172.168.1.3)

[192:root:2c]SSL state:SSL negotiation finished successfully (172.168.1.3)

[192:root:2c]SSL established: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384

[190:root:2c]rmt_check_conn_session:1975 delete connection 0x560e9400 w/ web session 0

[190:root:2c]Destroy sconn 0x560e9400, connSize=0. (root)

[192:root:2c]epollFdHandler,569, sconn=0x561cb400[12,-1,-1,-1,-1], fd=12, event=25.

[192:root:2c]epollFdHandler:639 s: 0x561cb400 event: 0x19

[192:root:2c]Destroy sconn 0x561cb400, connSize=0. (root)

 

Any ideas on how to fix this? Thanks.

1 REPLY 1
andrew1
New Contributor II

Hi,

I'm having a very similar problem.

I have solved by adding the EXACT URL for the SSL VPN to the Trusted Sites in inetcpl.cpl.

 

EDITED to add: this may be relevant: [link]https://forum.fortinet.com/tm.aspx?m=145662[/link]

Labels
Top Kudoed Authors