Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Weatherlights
New Contributor

SSLVPN Error: code=-30008000(v1.0.1037) with Windows Store App

Hello

 

I am using the Windows Store Plugin with Intune to use a Windows VPN Profile. The first connection attempt (after reboot) is successfull and works fine. However when the connection is interrupted by anything a reconnect fails with the message

SSLVPN Error: code=-30008000(v1.0.1037). Invalid authentication cookie. Authentication failed.

A restart of the computer or manually closing the background service (using the taskmanager) resolves the issue until the connection is interrupted again.

On the fortigate is not much to see:

[165:root:110d3]allocSSLConn:280 sconn 0x7f4fd2891400 (0:root)
[165:root:110d3]SSL state:before SSL initialization (123.123.123.123)
[165:root:110d3]SSL state:before SSL initialization (123.123.123.123)
[165:root:110d3]SSL state:SSLv3/TLS read client hello (123.123.123.123)
[165:root:110d3]SSL state:SSLv3/TLS write server hello (123.123.123.123)
[165:root:110d3]SSL state:SSLv3/TLS write change cipher spec (123.123.123.123)
[165:root:110d3]SSL state:SSLv3/TLS write finished (123.123.123.123)
[165:root:110d3]SSL state:SSLv3/TLS write finished:system lib(123.123.123.123)
[165:root:110d3]SSL state:SSLv3/TLS write finished (123.123.123.123)
[165:root:110d3]SSL state:SSLv3/TLS read change cipher spec (123.123.123.123)
[165:root:110d3]SSL state:SSLv3/TLS read finished (123.123.123.123)
[165:root:110d3]SSL state:SSL negotiation finished successfully (123.123.123.123)
[165:root:110d3]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
[165:root:110d3]req: /
[165:root:110d3]mza: 0x2510890 /rmt_index.html
[165:root:110d3]def: 0x2510890 /rmt_index.html
[165:root:110d3]req: /remote/login
[165:root:110d3]deconstruct_session_id:378 decode session id ok, user=[STH_USER_CERTS,cn=UserCN],group=[adgroup],authserver=[domain.local],portal=[full-access],host=[123.123.123.123],realm=[],idx=4,auth=32,sid=31cbbb9a, login=1546890385, access=1546890385
[165:root:110d3]deconstruct_session_id:378 decode session id ok, user=[STH_USER_CERTS,cn=UserCN],group=[adgroup],authserver=[domain.local],portal=[full-access],host=[123.123.123.123],realm=[],idx=4,auth=32,sid=31cbbb9a, login=1546890385, access=1546890385
[165:root:110d3]req: /remote/logincheck?username=&credential=
[165:root:110d3]deconstruct_session_id:378 decode session id ok, user=[STH_USER_CERTS,cn=UserCN],group=[adgroup],authserver=[domain.local],portal=[full-access],host=[123.123.123.123],realm=[],idx=4,auth=32,sid=31cbbb9a, login=1546890385, access=1546890385
[165:root:110d3]req: /sslvpn/portal.html
[165:root:110d3]mza: 0x2510930 /sslvpn/portal.html
[165:root:110d3]deconstruct_session_id:378 decode session id ok, user=[STH_USER_CERTS,cn=UserCN],group=[adgroup],authserver=[domain.local],portal=[full-access],host=[123.123.123.123],realm=[],idx=4,auth=32,sid=31cbbb9a, login=1546890385, access=1546890385
[165:root:110d3]Timeout for connection 0x7f4fd2891400.

[165:root:110d3]Destroy sconn 0x7f4fd2891400, connSize=14. (root)
[165:root:110d3]allocSSLConn:280 sconn 0x7f4fd2891400 (0:root)

 

The url configured on the client is quiet simple:https://vpn.domain.com?cert=UserCN&nup=1

 

Someone else has a solution for this? Guess in the end it is a bug in the client.

 

1 REPLY 1
Weatherlights
New Contributor

OK Fortinet support told me that they no longer support the windows store app… so I guess this is a dead end.

Labels
Top Kudoed Authors