Hi,
I'm using the fortisslvpn CLI application in conjunction with Self Service Password Reset (SSPR) application.
On the lock screen a user would click on the SSPR app and it runs a CLI command to open fortisslvpn.exe to connect and disconnect the VPN.
However, it fails with a Event ID 1000
FortiSSLVPNclient.exe 7.0.7.345
ucrtbase.dll
10.0.19041.789
C:\Program Files\Fortinet\FortiClient\FortiSSLVPNclient.exe
C:\WINDOWS\System32\ucrtbase.dll
Does anyone have experience of this issue?
Hello Chi,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Does it work when you connect/disconnect VPN directly from CLI? Is the issue happen only with SSSR application?
Was this working earlier?
Can you also share the complete error / screenshot of the error.
Hi, Thanks for replying.
the application works when the command is run when the user has logged into the desktop absolutely fine.
the SSPR application is the only application we use and it has never worked from the lock screen.
I've seen the article you have posted and the command line I use works.
I haven't used this application, could you please share some more details.
When the user click on connect (or the corresponding button), the crash occurs immediately? Or it shows some progress/transactions and then crash?
Can you collect a pcap as below to understand if the crash is happening due to negotiation failure or not?
1. enable wire shark on the machine , start capturing the traffic towards VPN gateway
2. Lock the machine
3. Try to connect to VPN
4. Once crash happens, login to machine and check if there are any VPN transactions/negotiations?
So the SSP software is an agent on each computer.
on the lockscreen you click on the application and it brings up a dialog box to manage your credentials. Once the user is authenticated it will attempt to connect the VPN using a command line. The command line basically starts up SSLVPNClient which temporarily connects the VPN (with a service account) and then disconnect once the local credential has been synced.
The dialog box shows a green progress bar and during the operation it will stop halfway and this is where I assume it stops and doesn't complete it.
I'll try to capture the information but it seems that even before the application tries to start the connection is falls over trying to start SSLVPN to begin with.
Did you ever get to the bottom of this issue ?
I'm having the same issue when using an SSPR solution.Works fine within Windows however on lock screen crashes with exactly the same error.
FortiSSLCPNclient - version 7.2.3.929
FortiClient version - 7.2.4
hi,
The only way to fix this is to use a VPN client that has the Always On feature and this is available with the EMS fortivpn solution... which used to be cheap but now the pricing structure makes it non-viable for us. However, there is a potential work around using the forticlient app for windows native client and then running a PS script to enable always on for windows VPN client. I haven't had time to look into this but I can post a link if you want to see.
Other than that you might want to choose another VPN vendor.
I've heard similar regarding the EMS solution.Yes please share the link to the work around and I'll have a look and see if it's an option or not.Did you switch to another vendor ?
Appreciate your comments and quick response.
Created on 03-28-2024 03:01 AM Edited on 03-28-2024 03:18 AM
Hi,
Sorry for not replying, as I didn't see the notification email until now. So in your firewall create an ipsec vpn for windows native client.
then on the endpoint try this
let us know whether you got it working :)
no we didn't switch.. yet...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.