Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Pittstate
New Contributor III

Anyone experiencing GUI Authentication issues on 7.4.4?

I'm probably one of the few crazy enough to run a bleeding edge release, but anyone running 7.4.4 experiencing authentication issues with the web management gui?

Symptoms include:

- AUTH failure happens with ALL local administrator accounts including the built-in.
- AUTH for admin accounts fails only on HTTPs /SSH but not on console
- A password change may TEMPORARILY resolved the issue
- Before problem occurs, accounts are able to log into the GUI for a time. When problem begins to occur a logged in user will have their GUI session terminated (forced log out).
- An admin account can be logged into the GUI, but not allowed SSH access.
- An admin account can be logged into SSH, but not allowed GUI access.

 

Debugging of httpsd yields one piece of useful information:

[httpsd 6450 - 1716567558 info] logincheck_handler[532] -- login attempt completed with code -110

 

Anyone?

1 Solution
Pittstate
New Contributor III

For anyone experiencing something like this in the future.

The problem was a combination of stale HTTPS administration sessions, coupled with the disabling of "Allow concurrent sessions" in System>Settings>Administration Settings. When only a single admin login is permitted, the stale HTTPS session prevents the affected admin user from logging in using any other method (console, ssh and gui) until the session is killed or expires.

View solution in original post

3 REPLIES 3
lgupta
Staff
Staff

Hello Pittstate, Good day!

 

Do you have remote-authentication enabled for admin access?

Can you check for this setting?

config system global
    set admin-restrict-local XXXXX
end

 Reference: https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/766272/remote-authentication-for-admini...

Also, my advise would be to have a console connection and create a support ticket when this issue resurfaces. TAC engineer would be able to look into the issue in real-time.

 

Thank You!

Best regards,

-lgupta



If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
Pittstate
New Contributor III

Thank you for the suggestion. The admin-restrict-local is disabled. So I don't think that's it.

I do have a ticket in with TAC, but wanted to see if anyone else was experiencing this, and unfortunately the diagnosis is going slowly as the debug information hasn't yielded much useful information on this issue.

Pittstate
New Contributor III

For anyone experiencing something like this in the future.

The problem was a combination of stale HTTPS administration sessions, coupled with the disabling of "Allow concurrent sessions" in System>Settings>Administration Settings. When only a single admin login is permitted, the stale HTTPS session prevents the affected admin user from logging in using any other method (console, ssh and gui) until the session is killed or expires.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors