Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Chi
New Contributor II

FortiSSLVPN.exe is crashing unexpectedly when in lock-screen

Hi,

 

I'm using the fortisslvpn CLI application in conjunction with Self Service Password Reset (SSPR) application. 

 

On the lock screen a user would click on the SSPR app and it runs a CLI command to open fortisslvpn.exe to connect and disconnect the VPN.

 

However, it fails with a Event ID 1000  

FortiSSLVPNclient.exe 7.0.7.345
ucrtbase.dll
10.0.19041.789
C:\Program Files\Fortinet\FortiClient\FortiSSLVPNclient.exe
C:\WINDOWS\System32\ucrtbase.dll

 

Does anyone have experience of this issue?

10 REPLIES 10
Anthony_E
Community Manager
Community Manager

Hello Chi,


Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
srajeswaran
Staff
Staff

Does it work when you connect/disconnect VPN directly from CLI?  Is the issue happen only with SSSR application?

Was this working earlier?

 

Can you also share the complete error / screenshot of the error.

 

Ref: https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-use-FortiClient-SSL-VPN-from-the-...

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Chi
New Contributor II

Hi, Thanks for replying.

 

the application works when the command is run when the user has logged into the desktop absolutely fine. 

 

the SSPR application is the only application we use and it has never worked from the lock screen.

 

I've seen the article you have posted and the command line I use works.

Chi_1-1675953477462.png

 

 

 

srajeswaran
Staff
Staff

I haven't used this application, could you please share some more details.

 

When the user click on connect (or the corresponding button), the crash occurs immediately? Or it shows some progress/transactions and then crash?

 

Can you collect a pcap as below to understand if the crash is happening due to negotiation failure or not?

1. enable wire shark on the machine , start capturing the traffic towards VPN gateway

2. Lock the machine

3. Try to connect to VPN

4. Once crash happens, login to machine and check if there are any VPN transactions/negotiations?

 

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Chi
New Contributor II

So the SSP software is an agent on each computer. 

 

on the lockscreen you click on the application and it brings up a dialog box to manage your credentials. Once the user is authenticated it will attempt to connect the VPN using a command line. The command line basically starts up SSLVPNClient which temporarily connects the VPN (with a service account) and then disconnect once the local credential has been synced. 

 

The dialog box shows a green progress bar and during the operation it will stop halfway and this is where I assume it stops and doesn't complete it. 

 

I'll try to capture the information but it seems that even before the application tries to start the connection is falls over trying to start SSLVPN to begin with.

r33boot
New Contributor

Did you ever get to the bottom of this issue ?

 

I'm having the same issue when using an SSPR solution.Works fine within Windows however on lock screen crashes with exactly the same error.

FortiSSLCPNclient - version 7.2.3.929

FortiClient version - 7.2.4

 

Chi
New Contributor II

hi, 

The only way to fix this is to use a VPN client that has the Always On feature and this is available with the EMS fortivpn solution... which used to be cheap but now the pricing structure makes it non-viable for us. However, there is a potential work around using the forticlient app for windows native client and then running a PS script to enable always on for windows VPN client. I haven't had time to look into this but I can post a link if you want to see. 

 

Other than that you might want to choose another VPN vendor. 

r33boot
New Contributor

I've heard similar regarding the EMS solution.Yes please share the link to the work around and I'll have a look and see if it's an option or not.Did you switch to another vendor ?

 

Appreciate your comments and quick response.

 

 

Chi
New Contributor II

Hi,

 

Sorry for not replying, as I didn't see the notification email until now. So in your firewall create an ipsec vpn for windows native client.

 

then on the endpoint try this

 

https://learn.microsoft.com/en-us/windows-server/remote/remote-access/tutorial-aovpn-deploy-configur...

 

let us know whether you got it working :)

no we didn't switch.. yet... 

Labels
Top Kudoed Authors