Good afternoon,
I have just upgraded some of the company computers to FortiClient VPN 7.4.1.1736.
We use SAML authentication to log in.
On 90% of them everything seems fine, but on the remaining 10% they always get 'Credential or SSLVPN configuration is wrong. (-7200)'.
I have tried to log in to the VPN on the affected machines and I get the same problem.
On my machine everything works fine; I have the same configuration as the one I deployed through Intune, and the affected machine's primary user can connect to the VPN from my machine.
So it doesn't seem to be a problem with the credentials or the SSL configuration.
One thing that seems strange to me is that the Fortinet SSL VPN Virtual Ethernet Adapter is missing from their network adapters. Despite our attempts to reinstall the FortiClient, the adapter won't appear. Could this be the problem? How can we solve this?
Here are the few logs I was able to get from the client:
11/12/2024 11:33:28 info sslvpn date=2024-12-11 time=11:33:27 logver=1 id=96600 type=securityevent subtype=sslvpn eventtype=status level=info uid=4 devid=FCT hostname=PO-XX pcdomain=domain.tld deviceip=172.20.10.4 devicemac=3c-21-9c-dd-29-fd site=N/A fctver=7.4.1.1736 fgtserial=FCT8002237097545 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=affected_user@domain.tld msg="SSLVPN tunnel status" vpnstate=disconnected
11/12/2024 11:35:07 error sslvpn date=2024-12-11 time=11:35:06 logver=1 id=96603 type=securityevent subtype=sslvpn eventtype=error level=error uid=4 devid=FCT hostname=PO-XX pcdomain=domain.tld deviceip=172.20.10.4 devicemac=3c-21-9c-dd-29-fd site=N/A fctver=7.4.1.1736 fgtserial=FCT8002237097545 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=affected_user@domain.tld msg="SSLVPN tunnel connection failed" vpnstate= vpntunnel="VPN Domain" remotegw=xxxx.domain.tld
11/12/2024 11:35:48 info sslvpn date=2024-12-11 time=11:35:48 logver=1 id=96600 type=securityevent subtype=sslvpn eventtype=status level=info uid=4 devid=FCT hostname=PO-XX pcdomain=domain.tld deviceip=172.20.10.4 devicemac=3c-21-9c-dd-29-fd site=N/A fctver=7.4.1.1736 fgtserial=FCT8002237097545 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=affected_user@domain.tld msg="SSLVPN tunnel status" vpnstate=disconnected
Regards,
Hello,
I was able to reproduce the issue, using on the affected computer.
Here is the log from the FortiGate:
MY-FORTI $ diag debug application fnbamd -1
Debug messages will be on for 9 minutes.
MY-FORTI $ diag debug application sslvpn -1
Debug messages will be on for 9 minutes.
MY-FORTI $ diag debug enable
MY-FORTI $ [182:root:14ad0e]allocSSLConn:310 sconn 0x7fa964e55800 (0:root)
[182:root:14ad0e]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad0e]SSL state:fatal decode error (XX.XX.XX.XX)
[182:root:14ad0e]SSL state:error:(null)(XX.XX.XX.XX)
[182:root:14ad0e]SSL_accept failed, 1:unexpected eof while reading
[182:root:14ad0e]Destroy sconn 0x7fa964e55800, connSize=8. (root)
[182:root:14ad0f]allocSSLConn:310 sconn 0x7fa964e55800 (0:root)
[182:root:14ad0f]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:before SSL initialization:(null)(XX.XX.XX.XX)
[182:root:14ad0f]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad0f]got SNI server name: sso-azure.domain.tld realm SSO_Azure
[182:root:14ad0f]client cert requirement: no
[182:root:14ad0f]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:SSLv3/TLS write change cipher spec (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:TLSv1.3 early data:(null)(XX.XX.XX.XX)
[182:root:14ad0f]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad0f]got SNI server name: sso-azure.domain.tld realm SSO_Azure
[182:root:14ad0f]client cert requirement: no
[182:root:14ad0f]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:TLSv1.3 write encrypted extensions (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:SSLv3/TLS write certificate (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:TLSv1.3 write server certificate verify (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:SSLv3/TLS write finished (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:TLSv1.3 early data:(null)(XX.XX.XX.XX)
[182:root:14ad0f]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:SSLv3/TLS read finished (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:SSLv3/TLS write session ticket (XX.XX.XX.XX)
[182:root:14ad0f]SSL state:SSLv3/TLS write session ticket (XX.XX.XX.XX)
[182:root:14ad0f]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[182:root:14ad0f]req: /remote/saml/start
[182:root:14ad0f]rmt_web_auth_info_parser_common:525 no session id in auth info
[182:root:14ad0f]rmt_web_get_access_cache:874 invalid cache, ret=4103
[182:root:14ad0f]sslvpn_auth_check_usrgroup:3050 forming user/group list from policy.
[182:root:14ad0f]sslvpn_auth_check_usrgroup:3097 got user (0) group (5:0).
[182:root:14ad0f]sslvpn_validate_user_group_list:1940 validating with SSL VPN authentication rules (3), realm (SSO_Azure).
[182:root:14ad0f]sslvpn_validate_user_group_list:2034 checking rule 1 cipher.
[182:root:14ad0f]sslvpn_validate_user_group_list:2042 checking rule 1 realm.
[182:root:14ad0f]sslvpn_validate_user_group_list:2034 checking rule 2 cipher.
[182:root:14ad0f]sslvpn_validate_user_group_list:2042 checking rule 2 realm.
[182:root:14ad0f]sslvpn_validate_user_group_list:2034 checking rule 3 cipher.
[182:root:14ad0f]sslvpn_validate_user_group_list:2042 checking rule 3 realm.
[182:root:14ad0f]sslvpn_validate_user_group_list:2053 checking rule 3 source intf.
[182:root:14ad0f]sslvpn_validate_user_group_list:2092 checking rule 3 vd source intf.
[182:root:14ad0f]sslvpn_validate_user_group_list:2591 rule 3 done, got user (0:0) group (2:0) peer group (0).
[182:root:14ad0f]sslvpn_validate_user_group_list:2599 got user (0:0) group (2:0) peer group (0).
[182:root:14ad0f]sslvpn_validate_user_group_list:2946 got user (0:0), group (2:0) peer group (0).
[182:root:14ad0f]sslvpn_update_user_group_list:1834 got user (0:0), group (2:0), peer group (0) after update.
[182:root:14ad0f][fsv_found_saml_server_name_from_auth_lst:128] Found SAML server [azure.ad.sso] in group [VPN_Users]
[182:root:14ad0f]saml login [182:1355023] SAML_INFO: Found server 'azure.ad.sso' in group 'VPN_Users'
[182:root:14ad0f]Timeout for connection 0x7fa964e55800.
[182:root:14ad0f]Destroy sconn 0x7fa964e55800, connSize=8. (root)
[182:root:14ad0f]SSL state:warning close notify (XX.XX.XX.XX)
[182:root:14ad10]allocSSLConn:310 sconn 0x7fa964e55800 (0:root)
[182:root:14ad11]allocSSLConn:310 sconn 0x7fa963ad6800 (0:root)
[182:root:14ad11]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad11]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad11]got SNI server name: sso-azure.domain.tld realm SSO_Azure
[182:root:14ad11]client cert requirement: no
[182:root:14ad11]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[182:root:14ad11]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[182:root:14ad11]SSL state:SSLv3/TLS write change cipher spec (XX.XX.XX.XX)
[182:root:14ad11]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad11]SSL state:TLSv1.3 early data:(null)(XX.XX.XX.XX)
[182:root:14ad10]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad10]SSL state:before SSL initialization:(null)(XX.XX.XX.XX)
[182:root:14ad10]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad10]got SNI server name: sso-azure.domain.tld realm SSO_Azure
[182:root:14ad10]client cert requirement: no
[182:root:14ad10]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[182:root:14ad10]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[182:root:14ad10]SSL state:SSLv3/TLS write change cipher spec (XX.XX.XX.XX)
[182:root:14ad10]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad10]SSL state:TLSv1.3 early data:(null)(XX.XX.XX.XX)
[182:root:14ad11]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad11]got SNI server name: sso-azure.domain.tld realm SSO_Azure
[182:root:14ad11]client cert requirement: no
[182:root:14ad11]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[182:root:14ad11]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[182:root:14ad11]SSL state:TLSv1.3 write encrypted extensions (XX.XX.XX.XX)
[182:root:14ad11]SSL state:SSLv3/TLS write finished (XX.XX.XX.XX)
[182:root:14ad11]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad11]SSL state:TLSv1.3 early data:(null)(XX.XX.XX.XX)
[182:root:14ad10]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad10]got SNI server name: sso-azure.domain.tld realm SSO_Azure
[182:root:14ad10]client cert requirement: no
[182:root:14ad10]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[182:root:14ad10]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[182:root:14ad10]SSL state:TLSv1.3 write encrypted extensions (XX.XX.XX.XX)
[182:root:14ad10]SSL state:SSLv3/TLS write finished (XX.XX.XX.XX)
[182:root:14ad10]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad10]SSL state:TLSv1.3 early data:(null)(XX.XX.XX.XX)
[182:root:14ad11]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad11]SSL state:SSLv3/TLS read finished (XX.XX.XX.XX)
[182:root:14ad11]SSL state:SSLv3/TLS write session ticket (XX.XX.XX.XX)
[182:root:14ad11]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[182:root:14ad10]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[182:root:14ad10]SSL state:SSLv3/TLS read finished (XX.XX.XX.XX)
[182:root:14ad10]SSL state:SSLv3/TLS write session ticket (XX.XX.XX.XX)
[182:root:14ad10]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[182:root:14ad12]allocSSLConn:310 sconn 0x7fa963b4b800 (0:root)
[182:root:14ad12]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad12]SSL state:fatal decode error (XX.XX.XX.XX)
[182:root:14ad12]SSL state:error:(null)(XX.XX.XX.XX)
[182:root:14ad12]SSL_accept failed, 1:unexpected eof while reading
[182:root:14ad12]Destroy sconn 0x7fa963b4b800, connSize=10. (root)
[182:root:14ad13]allocSSLConn:310 sconn 0x7fa963b4b800 (0:root)
[182:root:14ad13]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad13]SSL state:before SSL initialization (XX.XX.XX.XX)
[182:root:14ad13]got SNI server name: sso-azure.domain.tld realm SSO_Azure
[182:root:14ad13]client cert requirement: no
[182:root:14ad13]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS write certificate (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS write key exchange (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS write server done (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS write server done:(null)(XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS write server done (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS read client key exchange (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS read change cipher spec (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS read finished (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS write session ticket (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS write change cipher spec (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSLv3/TLS write finished (XX.XX.XX.XX)
[182:root:14ad13]SSL state:SSL negotiation finished successfully (XX.XX.XX.XX)
[182:root:14ad13]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
[182:root:14ad13]req: /remote/info
[182:root:14ad13]capability flags: 0x1cdf
[182:root:14ad13]req: /remote/saml/login
[182:root:14ad13]Transfer-Encoding n/a
[182:root:14ad13]Content-Length 10829
[182:root:14ad13]readPostEnter:19 Post Data length 10829.
[182:root:14ad13]fsv_rmt_saml_login_cb:94 SAML resp 10648.
[182:root:14ad13]fsv_rmt_saml_login_cb:103 magic id: magic=1-58baba5113237cb8
[182:root:14ad13]fsv_rmt_saml_login_cb:124 idx 1 epoch: 58baba5113237cb8
[182:root:14ad13]fsv_rmt_saml_login_cb:137 wrong vdom (0:0) or time expired.
[182:root:14ad13]Destroy sconn 0x7fa963b4b800, connSize=10. (root)
[182:root:14ad13]SSL state:warning close notify (XX.XX.XX.XX)
[182:root:14ad11]SSL state:fatal decode error (XX.XX.XX.XX)
[182:root:0]ap_read,105, error=1, errno=0 ssl 0x7fa962513000 Success. error:0A000126:SSL routines::unexpected eof while reading
[182:root:14ad11]sslvpn_read_request_common,863, ret=-1 error=-1, sconn=0x7fa963ad6800.
[182:root:14ad11]Destroy sconn 0x7fa963ad6800, connSize=9. (root)
[182:root:14ad10]SSL state:fatal decode error (XX.XX.XX.XX)
[182:root:0]ap_read,105, error=1, errno=0 ssl 0x7fa963aab000 Success. error:0A000197:SSL routines::shutdown while in init
[182:root:0]ap_read,105, error=1, errno=0 ssl 0x7fa963aab000 Success. error:0A000126:SSL routines::unexpected eof while reading
[182:root:14ad10]sslvpn_read_request_common,863, ret=-1 error=-1, sconn=0x7fa964e55800.
[182:root:14ad10]Destroy sconn 0x7fa964e55800, connSize=8. (root)
[2507] handle_req-Rcvd auth_cert req id=1339985769, len=1599, opt=8
[983] __cert_auth_ctx_init-req_id=1339985769, opt=8
[992] __cert_auth_ctx_init-OCSP resp is found.
[103] __cert_chg_st- 'Init'
[156] fnbamd_cert_load_certs_from_req-3 cert(s) in req.
[669] __cert_init-req_id=1339985769
[718] __cert_build_chain-req_id=1339985769
[273] fnbamd_chain_build-Chain discovery, opt 0x19, cur total 1
[291] fnbamd_chain_build-Following depth 0
[336] fnbamd_chain_build-Extend chain by builtin CA cache. (good)
[291] fnbamd_chain_build-Following depth 1
[336] fnbamd_chain_build-Extend chain by builtin CA cache. (good)
[291] fnbamd_chain_build-Following depth 2
[305] fnbamd_chain_build-Self-sign detected.
[99] __cert_chg_st- 'Init' -> 'Validation'
[840] __cert_verify-req_id=1339985769
[841] __cert_verify-Chain is complete.
[435] fnbamd_builtin_cert_check-Following cert chain depth 0
[435] fnbamd_builtin_cert_check-Following cert chain depth 1
[456] fnbamd_builtin_cert_check-Builtin CRL found: 244b5494
[435] fnbamd_builtin_cert_check-Following cert chain depth 2
[471] fnbamd_builtin_cert_check-Certificate status is unchecked.
[876] __cert_verify_do_next-req_id=1339985769
[99] __cert_chg_st- 'Validation' -> 'OCSP-Checking'
[898] __cert_ocsp_check-req_id=1339985769
[334] fnbamd_verify_ocsp_response-Cert status: GOOD.
[256] __cert_ocsp_resp_verify-verify_ocsp_response returns 0 -1
[99] __cert_chg_st- 'OCSP-Checking' -> 'Done'
[921] __cert_done-req_id=1339985769
[1683] fnbamd_auth_session_done-Session done, id=1339985769
[966] __fnbamd_cert_auth_run-Exit, req_id=1339985769
[1720] create_auth_cert_session-fnbamd_cert_auth_init returns 0, id=1339985769
[1639] auth_cert_success-id=1339985769
[1068] fnbamd_cert_auth_copy_cert_status-req_id=1339985769
[1195] fnbamd_cert_auth_copy_cert_status-Cert st 210, req_id=1339985769
[209] fnbamd_comm_send_result-Sending result 0 (nid 0) for req 1339985769, len=2536
[1584] destroy_auth_cert_session-id=1339985769
[1041] fnbamd_cert_auth_uninit-req_id=1339985769
If someone can help me :)
Regards,
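The FortiGate sslvpn debug above interleaves several connections (the `14ad0f`, `14ad10`, `14ad11`, `14ad13` ids), so the line that actually explains the failed SAML login is easy to miss. This added triage script (not from the poster or from Fortinet) groups the debug output by connection id and records the negotiated TLS version, the requests seen, and the first failure message, so the attempt that reached `/remote/saml/login` can be told apart from the probes that only timed out or hit a decode error. The failure patterns are taken from messages visible in this thread; the sample is a short excerpt of the log lines quoted above.

```python
import re
from collections import defaultdict

# Excerpt of the "diag debug application sslvpn -1" lines quoted in the post
# above (client IPs are masked as XX.XX.XX.XX on the page).
SAMPLE = """\
[182:root:14ad0f]allocSSLConn:310 sconn 0x7fa964e55800 (0:root)
[182:root:14ad0f]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[182:root:14ad0f]req: /remote/saml/start
[182:root:14ad0f]Timeout for connection 0x7fa964e55800.
[182:root:14ad0f]Destroy sconn 0x7fa964e55800, connSize=8. (root)
[182:root:14ad13]allocSSLConn:310 sconn 0x7fa963b4b800 (0:root)
[182:root:14ad13]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
[182:root:14ad13]req: /remote/info
[182:root:14ad13]req: /remote/saml/login
[182:root:14ad13]fsv_rmt_saml_login_cb:137 wrong vdom (0:0) or time expired.
[182:root:14ad13]Destroy sconn 0x7fa963b4b800, connSize=10. (root)
[182:root:14ad11]allocSSLConn:310 sconn 0x7fa963ad6800 (0:root)
[182:root:14ad11]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[182:root:14ad11]SSL state:fatal decode error (XX.XX.XX.XX)
[182:root:14ad11]Destroy sconn 0x7fa963ad6800, connSize=9. (root)
"""

# Prefix is [pid:vdom:conn_id]; fnbamd lines use a different prefix and are skipped.
LINE_RE = re.compile(r"^\[(\d+):(\w+):([0-9a-f]+)\](.*)$")
# Messages seen in this thread that explain why a connection ended (first match wins).
FAILURE_PATTERNS = (
    "wrong vdom", "time expired", "Timeout for connection",
    "fatal decode error", "SSL_accept failed", "unexpected eof",
)

def parse_sslvpn_debug(text):
    """Group sslvpn debug lines by connection id -> {tls, requests, failure}."""
    conns = defaultdict(lambda: {"tls": None, "requests": [], "failure": None})
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        conn_id, msg = m.group(3), m.group(4)
        c = conns[conn_id]
        if msg.startswith("SSL established: "):
            c["tls"] = msg[len("SSL established: "):]
        elif msg.startswith("req: "):
            c["requests"].append(msg[len("req: "):])
        elif c["failure"] is None and any(p in msg for p in FAILURE_PATTERNS):
            c["failure"] = msg.strip()
    return dict(conns)

def saml_login_failures(text):
    """(conn_id, failure) for connections that reached /remote/saml/login and failed."""
    return [(cid, c["failure"]) for cid, c in parse_sslvpn_debug(text).items()
            if "/remote/saml/login" in c["requests"] and c["failure"]]

if __name__ == "__main__":
    for cid, c in parse_sslvpn_debug(SAMPLE).items():
        print(cid, c["tls"], c["requests"], c["failure"])
```

Run it against the full capture (including the fnbamd lines, which it ignores) and check the entry for the connection that posted the SAML response: in the log above that is `14ad13`, whose only failure message is the `fsv_rmt_saml_login_cb` "wrong vdom or time expired" check on the SAML magic/epoch value, which is the line to correlate with the client's -7200 error.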