Failed to acquire IP address?

Report Inappropriate Content · ‎07-02-2007

Hi there On two client computers I have the following problem. When I try to connect to the remote network (FGT60) everything looks great (ie negotiation succeded! etc) but the remote network is not reachable. After a while (a couple of minutes) FortiClient says that it' s having problems connecting to the remote gateway. The FortiClient log says that it fails to acquire an IP address. However, it is configured for manual VIP. The connection file is exported from another computer where it works (but this computer is not connected while I' m trying to connect from the troublesome machines). If I look at my network connections I can see that the virtual fortinet network adapter goes from " not connected" to " Acquiring IP address" and the nothing happens. On the computer where it works, it stays in that state for a second or so before it switches to " Connected" . One of the troublesome computers is same model and set up in the same way as the working one, the other is different. OS is XP Pro on one and XP Home on the other. Oh, and the exported connection file works on 15 other computers... I' m stuck! Anyone?

abelio · ‎07-06-2007

Hi Guran, Can we suppose that you' ve tried http://kc.forticare.com/default.asp?id=1652&SID=&Lang=1 already?

regards

/ Abel

vanc · ‎07-06-2007

Guran, You can do packet capture on the Fortinet Virtual Adapter. If you don' t see any faked DHCP packets, things are messed up. Another thing, please take a look at the Properties of the Fortinet Virtual Adapter. (Right click on the connection icon in the " Network Connections" dialog. If you see some unusual protocols or services bound to the adapter, please uncheck them and try again. It' s known that Microsoft Virtual PC drivers will eat up the DHCP packets generated by FortiClient.

Report Inappropriate Content · ‎07-13-2007

Abelio: Yes, I checked that before I started this thread (hnn, I thought I mentioned that...). It wasn' t enabled. vanc: I' m on vacation now, but I' ll do that once I.m back at work. I' ll be back with the results. Until then; Thanks for your answers. C' ya later!

Report Inappropriate Content · ‎07-23-2007

I' ve found the same since we upgraded the firmware on the fortigate unit to the latest release. If I reload the previous o/s it all works ok regardless of the version of the forticlient. The client reports it was unable to obtain an ip address (which should be via dhcp relay). There are some debug commands to use on the fortigate which I will try tomorrow regarding dhcp relay.

Report Inappropriate Content · ‎08-12-2007

Same problem here. Forticlient settings loaded from working backup changed the manual IP to a reserved free IP in the span. Negotiation ok and everything seems fine the first couple of times but then fails with the " Failed to acquire IP address" error. Did a reinstall of Forticlient and did' nt load the settings from file this time. Works a couple of times, even after a reboot. But got a mail later that day from the customer that he got the same error again. On the first install I got a message about Skype and kerneldrivers I think? The Forticlient wanted me to shut down Skype so it could' nt mess up my installation. Now I am guessing that it could either be Skype, Norton Internet Security or a bug in Forticlient. Guran do you have any of theese programs installed on the computer? We are using: Fortigate-50A 2.80,build359,050210 (The log seems ok on this) Forticlient 3.0.395 (Only the VPN is installed) Windows XP Pro If I got this right the Forticlient fakes DHCP packets when I use manual configured IP-address? So this means that the problem is on the computer and not the Fortigate? My next move seems to be: Disable all protocols but TCP/IP on the virtual adapter. Think I' ll try LSPfix and Hijackthis to see if anything " hooks" on to the TCP/IP Update Skype if possible (Already tried to connect with Skype closed) Update Norton (Does' nt work even when it is disabled) Anything else anyone could think of? Update: Updated Skype to latest version. Seems to work after reboot. Seems like Skype is generating more and more support cases for me the lately. Hope this has solved the problem once and for all. Will check with the costumer regular and keep you guys posted.

Report Inappropriate Content · ‎08-24-2007

Alright, I' ve been gone for a while. Vacation and the birth of my daughter. I started looking into this again today. I started by sniffing the vitual adapter. It recieves the DHCP address offering OK, but seems to ignore it and just asks for an address again. I checked what protocols were installed and found a couple of suspects; Acer Network Monitor and OSA NdisFilter Protocol. After disabling them it worked. Just for the sake of it I had to try which one was causing the problem, and it turned out to be the OSA NdisFilter Protocol. Well, now one of the machines is running, the other one is in a remote location (actually it' s in your town xt8), but I' ll go there next week. Let' s see if it' s the same problem there. I' ll let you know! In the meantime, thanks for your replies (and special thanks to vanc for the solution)! Oh, I almost forgot; No xt8, I don' t have any of those programs installed.

Report Inappropriate Content · ‎09-02-2007

OK, I went to the other client last week. Things looked pretty strange, there wasn' t even a Fortinet Virtual Adapter. Unfortunately I can' t recall what I did last time I was there. I surely did some experiments, so I might be the reason for that. Well, now I uninstalled and then reinstalled FortiClient. I checked that there weren' t any strange protocols installed on the virtual adapter. I tried to connect, and it worked! Now I' m glad that the case is closed, but also a little sad that I couldn' t find a reason that it didn' t work earlier. Well, well... Thanks again for your help folks!