Anyone experiencing GUI Authentication issues on 7.4.4?
I'm probably one of the few crazy enough to run a bleeding edge release, but is anyone running 7.4.4 experiencing authentication issues with the web management GUI?
Symptoms include:
- AUTH failure happens with ALL local administrator accounts including the built-in.
- AUTH for admin accounts fails only on HTTPS/SSH but not on console
- A password change may TEMPORARILY resolve the issue
- Before the problem occurs, accounts are able to log into the GUI for a time. When the problem begins to occur, a logged-in user will have their GUI session terminated (forced log out).
- An admin account can be logged into the GUI, but not allowed SSH access.
- An admin account can be logged into SSH, but not allowed GUI access.
Debugging of httpsd yields one piece of useful information:
[httpsd 6450 - 1716567558 info] logincheck_handler[532] -- login attempt completed with code -110
Anyone?
Labels: Authentication, FortiGate, High Availability
For anyone experiencing something like this in the future.
The problem was a combination of stale HTTPS administration sessions, coupled with the disabling of "Allow concurrent sessions" in System>Settings>Administration Settings. When only a single admin login is permitted, the stale HTTPS session prevents the affected admin user from logging in using any other method (console, ssh and gui) until the session is killed or expires.
Hello Pittstate, Good day!
Do you have remote-authentication enabled for admin access?
Can you check for this setting?
config system global
    set admin-restrict-local XXXXX
end
Reference: https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/766272/remote-authentication-for-admini...
Also, my advice would be to have a console connection and create a support ticket when this issue resurfaces. A TAC engineer would be able to look into the issue in real time.
Thank You!
-lgupta
If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
Thank you for the suggestion. The admin-restrict-local is disabled. So I don't think that's it.
I do have a ticket in with TAC, but wanted to see if anyone else was experiencing this, and unfortunately the diagnosis is going slowly as the debug information hasn't yielded much useful information on this issue.
