Hello Guys,
We have quite a problem with the VPN after two simultaneous steps:
1. Migrating from version 7.2.4 to 7.4. We are using free version of FortiClient VPN 7.4.0.1658.
2. Changing the authentication from user auth to SAML SSO login for SSL VPN with Azure AD acting as SAML IdP (with external browser as user-agent for saml user authentication).
As a result, we observe 2 main problems:
1. connection crashes at 98%
2. connection does not start at all - percentages not showing the progress of connection
This happens on both Win10 and Win11. The problems are not deterministic - one day they occur on a particular client, the next day they are fine. Sometimes reinstalling the VPN client helps for a while. Sometimes you have to retry, and after several attempts it will finally connect.
Logs are attached below. I would appreciate any tips and help.
"30/07/2024 08:52:12 warning sslvpn CSslvpnAgent::InitPipeHandle() 137 CreateFile() failed.. LastError=231"
"30/07/2024 08:54:13 error sslvpn error: ras_loop(), waitResult=258."
"30/07/2024 08:55:49 error sslvpn date=2024-07-30 time=08:55:48 logver=1 id=96603 type=securityevent subtype=sslvpn eventtype=error level=error uid=xxx devid=xxx hostname=xxx pcdomain=xxx deviceip=192.168.1.10 devicemac=xxx site=N/A fctver=7.4.0.1658 fgtserial=xxx emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=xxx msg="SSLVPN tunnel connection failed" vpnstate= vpntunnel=CLVPN-Azure remotegw=xxx"
8/1/2024 3:22:21 PM warning sslvpn CSslvpnAgent::InitPipeHandle() 137 CreateFile() failed.. LastError=231
8/1/2024 5:22:50 PM error sslvpn error: WSAEnumNetworkEvents FD_CLOSE (10053)
8/1/2024 5:37:00 PM error sslvpn error: poll_recv_ssl -> SSL_get_error(): 5
8/1/2024 5:37:00 PM error sslvpn error: poll_recv_ssl -> WSAGetLastError():2746
05/08/2024 11:05:29 error sslvpn error: ras_loop(), waitResult=1.
05/08/2024 11:05:29 error sslvpn failed to create tunnel_thread thread
05/08/2024 11:05:29 error sslvpn failed to create ras_thread thread
05/08/2024 11:05:29 error sslvpn failed to create monitor_thread thread
05/08/2024 11:06:06 error sslvpn error: ras_loop(), waitResult=1.
05/08/2024 11:06:06 error sslvpn failed to create tunnel_thread thread
05/08/2024 11:06:06 error sslvpn failed to create ras_thread thread
05/08/2024 11:06:06 error sslvpn failed to create monitor_thread thread
05/08/2024 11:06:36 info sslvpn date=2024-08-05 time=11:06:35 logver=1 id=96600 type=securityevent subtype=sslvpn eventtype=status level=info uid=xxx devid=xxx hostname=xxx pcdomain=xxx deviceip=172.29.208.1 devicemac=xxx site=N/A fctver=7.4.0.1658 fgtserial=xxx emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=xxx msg="SSLVPN tunnel status" vpnstate=disconnected vpntunnel=CLVPN-Azure
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello
I have to authenticate against Entra ID. Can I do that other way than using SAML?
Hi Rabbit,
Trying installing this Visual Studio Redistributable: https://aka.ms/vs/17/release/vc_redist.x64.exe
The Forticlient VPN Application is trying to start fortitray.exe, but it needs a .dll file to work (mfc140u.dll) which is missing from Windows.
After installing and a reboot, your Forticlient VPN app should work again.
I think it may be 2 separate issues. The 98% is new (to me) and wasn't happening with an older version of FC - 7.2.something. Disabling IPv6 appears to have resolved that issue.
The other issue appears to be a timeout of some sort but I don't seem to be able to pinpoint which setting controls it. If I run through the Azure auth quickly in <~30 seconds including MFA it connects fine. If I take longer, say slow rolling approval in app I get the above error.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.