Hi Guy,
I have an error about forticlient:
Unable to logon to the server. Your user name or password may not be configured properly for this connection. (-12)
I sure username and pass is right.
My 100D ver: v5.4.3,build1111 (GA)
Forticlient ver: 5.4.2.0860
Thanks for help.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
I have solved this issue many times on Windows 2016 Server by adding the exact URL (also include custom port if needed - e.g. https://mysslvpn.domain.dom:10443) for the SSL VPN to the Trusted Sites list in Internet Options (from IE or by running "inetcpl.cpl"). Of course you need to add the URL for every SSL VPN you want to connect to.
This happens even when IE is not the default browser.
In all my instances of this issue, I also found out I could check this issue by opening the SSL VPN URL with Internet Explorer. Every time I could not connect to the SSL VPN in Web Mode from Internet Explorer (it displays "This page can't be displayed"), FortiClient was also failing just like the OP describes. (The Web Mode was working just fine on Chrome or Firefox.) The opposite was also true: when IE logged into the Web Mode, FCT was working.
(Of course Web Mode must be enabled for the relevant SSL-VPN Portal for this test to make sense.)
I also found this issue on a server with Trusted Sites locked by Group Policy - so I couldn't add a new entry. In the end I was able to solve the issue by resetting Internet Options:
(also see attached image)
[ul]
Summing it up, it is clear that something inside Internet Options is the culprit, but I wasn't able to pinpoint what exactly.
Fortinet support says that FortiClient is designed to take settings from Internet Options. At this point I'd like to know exactly what parameters are in use (I guess I can't ask support because I don't have a valid FortiClient support contract at the moment).
To anyone having this issue, I'd still recommend trying to add the SSL VPN URL to the Trusted Sites before resetting.
Please note that I am using the default certificate for the SSL VPN - but I believe this makes no difference (beyond all the expected warnings).
-a
It's almost impossible to get (-12) error without user name/password mismatch. Is this IPSec VPN or SSL VPN? Is it a local user or a remote server user (RADIUS, LDAP, TACACS+)? Can you try configuring another simple user/pass into the same user group then test?
toshiesumi wrote:It's almost impossible to get (-12) error without user name/password mismatch. Is this IPSec VPN or SSL VPN? Is it a local user or a remote server user (RADIUS, LDAP, TACACS+)? Can you try configuring another simple user/pass into the same user group then test?
Yes, I login with account server user FSSO.
But I try create 1 accout on fortinet, it's still the same error.
What is the account server's log saying? Is it even receiving queries? If you don't see anything on the server side, you probably need to run:
diag debug app fnbamd -1
to see all interactions your FG is attempting/or not attempting with the server.
For the local user this wouldn't work so you likely need to debug application either "sslvpn" (if SSL VPN) or "ike" (if IPSec VPN).
toshiesumi wrote:Thanks for help,What is the account server's log saying? Is it even receiving queries? If you don't see anything on the server side, you probably need to run:
diag debug app fnbamd -1
to see all interactions your FG is attempting/or not attempting with the server.
For the local user this wouldn't work so you likely need to debug application either "sslvpn" (if SSL VPN) or "ike" (if IPSec VPN).
I use SSL VPN.
I try connect with FortiClient 4.1
It's ok. No problem.
Hi,
I have solved this issue many times on Windows 2016 Server by adding the exact URL (also include custom port if needed - e.g. https://mysslvpn.domain.dom:10443) for the SSL VPN to the Trusted Sites list in Internet Options (from IE or by running "inetcpl.cpl"). Of course you need to add the URL for every SSL VPN you want to connect to.
This happens even when IE is not the default browser.
In all my instances of this issue, I also found out I could check this issue by opening the SSL VPN URL with Internet Explorer. Every time I could not connect to the SSL VPN in Web Mode from Internet Explorer (it displays "This page can't be displayed"), FortiClient was also failing just like the OP describes. (The Web Mode was working just fine on Chrome or Firefox.) The opposite was also true: when IE logged into the Web Mode, FCT was working.
(Of course Web Mode must be enabled for the relevant SSL-VPN Portal for this test to make sense.)
I also found this issue on a server with Trusted Sites locked by Group Policy - so I couldn't add a new entry. In the end I was able to solve the issue by resetting Internet Options:
(also see attached image)
[ul]
Summing it up, it is clear that something inside Internet Options is the culprit, but I wasn't able to pinpoint what exactly.
Fortinet support says that FortiClient is designed to take settings from Internet Options. At this point I'd like to know exactly what parameters are in use (I guess I can't ask support because I don't have a valid FortiClient support contract at the moment).
To anyone having this issue, I'd still recommend trying to add the SSL VPN URL to the Trusted Sites before resetting.
Please note that I am using the default certificate for the SSL VPN - but I believe this makes no difference (beyond all the expected warnings).
-a
@andrew. thanks your fix worked for me too. cheers Man!
Sorry for digging this topic out, but I've just had the same problem with SSL VPN with just one user. I figured out that the reason was adding this specific user to firewall policy. When I added whole user group everything was working again. Idk if it's a bug or feature, but I didn't want to create a separate topic for it. Maybe this will help somebody.
i think you missed setting for 'Authentication/Portal Mapping'.
try mapping user account & Portal.
Any update on this? I was unable to connect so I installed version 6.0 of the client and it worked fine. Then, at the end of the day, I packed up my stuff and went to my hotel (I'm on the road). When I tried to connect from the hotel, no joy. I figured that it might be an outgoing port block on the hotel's network so I just left it. When I got beck to the office again this morning, I still can't connect. I get to 80% and get that (-12) error. This is infuriating :( There is no one in my office so the Fortinet firewall can't have had its configuration changed without my knowledge.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.