FortiClient 7.0.7 App becoming unresponsive after a few weeks and no longer able to sync with EMS
We are experiencing odd behavior with FortiClient 7.0.7 on Windows 11. We have been using it successfully for a few weeks now, and the EMS configuration profiles haven't changed, but some problematic issues are beginning to arise. More and more clients are starting to not sync with the EMS server and therefore can't get updated profile information. Additionally, the FortiClient App itself becomes unresponsive once you click on either the profile tab OR if you click on the menu under the Zero Trust Telemetry Tab to check the details of the EMS connection status. You need to close and reopen the FortiClient App to be able to access the other tabs. I am unable to try uninstalling/reinstalling the FortiClient software because the policy currently applied does not allow you to quit the App or disconnect from the EMS server. If I try to uninstall from Windows Add/Remove programs I get a message that it can't be uninstalled because it is managed by an EMS server (I've tried unregistering it from the EMS side, but because the App no longer syncs correctly, the clients think and indicate they are still registered when they are not). If I try to uninstall using the FortiClient support tools, it says it can't because there is a running instance of FortiClient and that I need to stop it first, but I can't stop it because the applied policy does not let you shut it down. This same behavior is slowly trickling down to every machine in our environment.
Not sure if this is the cause, but I've also noticed that with 7.0.7 installed our EMS server name/address gets added/listed repeatedly in the "Remembered EMS List" in the client over and over again after each successful connection. We only have one EMS Server, and it used to only get listed once prior to 7.0.7. It seems like the problematic machines are the ones that are used more frequently and therefore have our EMS server in the list more times than you can even see in the display. Not sure if this is causing some kind of memory problem with the App, but the machines where it hasn't been listed as many times (because they haven't connected as much) seem to work fine.
You can see in the image below that the same EMS server is listed over and over again in the Remembered EMS List. You can also see that the client is stuck in its last known state: it says its status is Connected to EMS, but it is not, and it also says it is syncing, but it is not.
I've tried unregistering all machines in EMS and having users re-register, but only those machines that were still working properly (the ones that haven't been used as frequently) are able to re-register with EMS successfully; the problematic machines can't re-register because the FortiClient App on those machines still thinks they are registered.
Thankfully the profiles currently in use are still good so users can still connect to the VPN, but if anything changes in the future they will not receive the configuration changes.
All devices in the environment have the exact same hardware.
Other symptoms of this issue include the FortiClient Network Access Control process (FortiESNAC.exe) consuming 16-24% of the system CPU resources, even when the client is not connected.
In an attempt to resolve the issue on my machine, I just ended up booting to Safe Mode and uninstalling FortiClient using the Support Tool uninstaller. Upon re-installation, I was able to successfully re-register using an invitation email and the FortiClient Network Access Control process is now consuming virtually no CPU even when connected to the VPN. Everything is now syncing as it should again.
However, as it did before and as it is doing on all deployed machines, it is still adding multiple entries of the same server to the "Remembered EMS List"; it is already up to over 16 entries listed after connecting to the VPN twice and rebooting twice. I fear that soon it will be listed hundreds if not thousands of times and begin impacting the application again. I really don't want to have to repeat this process every 3 weeks and across all of our users' machines.
Regarding the duplicated entries in "Remembered EMS List", we have an internal case open with the internal team. If you haven't raised a TAC ticket, kindly raise one, as we will need to collect info and logs from your EMS and FCT to investigate further.
If anyone else experiences this, to resolve my issue, I have found that I can prevent the duplicate entries in the "Remembered EMS List" by having the client use the Connect to VPN Before Login Feature. Once they do this one time, the client stops adding the duplicate entries and all is well. They can then go back to connecting the VPN after logging into Windows as normal. So far this has prevented the client from eventually becoming unresponsive.
So my resolution was: uninstall the client (to clear the forever-long "Remembered EMS List"), re-install the client, and after re-registering the client, connect one time using the "Connect the VPN before Login" feature; after that, all appears to work normally. Wasn't fun to manually do this to all clients in person, but I think I'm finally out of the woods for now.