Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dibiase79
New Contributor II

FortiClient EMS ZTNA certificate issues

I am currently running Forticlient EMS server version 7.0.10.  I have 188 registered clients and we have recently updated the clients from version 7.0.9 to 7.0.10.  One of our users can't to connect to the VPN anymore.  They get connected for about 5 seconds and then disconnected.  One thing I noticed is the computer for this user has a ZTNA Status of Revoked on the EMS server.  I have uninstalled and reinstalled the client multiple times but it still shows the status as revoked.  The logs are showing a  [FortiESNAC 761 error] Could not find the desired certificate error in the logs.  I noticed there isn't an EMS certificate in the personal certificate store on that PC but working computers do have a EMS certificate installed.  I am finding almost no suggestions online for this issue other that deregister the client and re-register in EMS to get a new certificate but it isn't working.

 

revoked.JPG

5 REPLIES 5
peisenberg
Staff
Staff

ZTNA cert should not affect VPN connectivity. Did you checked FGT sslvpn logs to see any error ? 

 

TAC
Dibiase79

I did open a ticket with support last Friday and they gathered a bunch off logs but I haven't heard back from them yet.  The only thing I see in the sslvpn log is [sslvpndaemon 652 error] Broken pipe! Client is exited 

WinniePoo

Hello Dibiase79,

 

did you got an awnser?

We got the same problem.
Or could you post the ticket#, please?

Thank you very much.

best regards

Dibiase79
New Contributor II

I spend hours with fortinet support doing multiple log captures but they never figured out a solution for the issue.  It has gone away with Forticlient version 7.0.11 though.

adhingra
Staff
Staff

I was facing the same issue on my Ubuntu VM. I had to enable TPM on my VM and then it worked.
https://docs.fortinet.com/document/forticlient/7.2.3/linux-release-notes/745986/special-notices

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors