Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MontanaMike
Contributor

Created on ‎09-06-2024 09:07 AM

Forticlient VPN Won't Connect

Good morning,

 

We have an issue that showed up this week (Tuesday) with two users VPN'ing from home.  They are getting a "The server want to connect to requests identification, please choose a certificate and try again. [-5]" error.  Interesting thing is that I don't require nor have we set up client certs for SSL VPN and it's only 2 users out of about 15 right now that are getting the error.  We are running a mix of Forticlient versions (6.0.9, 6.0.10 and some 7.2 versions) and don't have a support contract on the clients.  Another interesting thing is if we uninstall and remove it completely from their PCs  (Windows 10 and 11 are the two OS's) and install a new version as a test, it gets the same error.  Also...using a different Windows profile fails as well.


I found this article and followed the instructions and it's still not working: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-solve-The-server-you-want-to-connec...

 

I also found a few threads on Reddit that suggested an Adobe update could mess up the cert store but that seems to be a dead end.  Again...we don't require client certificates for SSL VPN auth.

Note:  No changes were made to the Fortigate so I don't think that's it.  Plus the other 1o-13 users aren't having any issues,

I'd appreciate any suggestions or at the very least, find others having the issue too.  Again...this just cropped up on Tuesday September 3rd.image.png

-Mike

-Mike
Labels:
3279
0 Kudos
16 REPLIES 16
MontanaMike
Contributor
In response to samandeep

Created on ‎09-10-2024 06:02 AM

as my OP stated, VPN is been working normally (for years) and all other users, except the two affected, are not having any issues.

-Mike

-Mike
488
0 Kudos
MontanaMike
Contributor
In response to samandeep

Created on ‎09-10-2024 08:20 AM

fyi.  no virtual patching is enabled.  Actually..no settings are.

FW_1 (local-in-policy) # show full-configuration
config firewall local-in-policy
end

FW_1 (local-in-policy) #

-Mike

-Mike
474
0 Kudos
MontanaMike
Contributor

Created on ‎09-18-2024 02:46 PM

To make this even odder, we had the 2 remote staff bring their machines in so we could uninstall in safe mode.

One we did and then reinstalled and the issue persisted.  On a whim, my Helpdesk guy removed the PC from the AD domain and tested VPN and it worked normally.  Then he added it back to the AD domain and it continued to work.

The second one all he did was remove the PC from the AD domain and tested the VPN client as is and it worked normally.  Then added the PC back to the domain and VPN continued to work.

I'm not sure why it would matter unless some kind of GP is preventing it from connecting but then why would it work prior to all these issues as well as after rejoining the domain?

-Mike

-Mike
395
0 Kudos
Zekeout
New Contributor II

Created on ‎09-23-2024 06:37 AM

We are seeing the exact same issue on some workstations after upgrading from 7.2.3 to 7.2.4

 

https://community.fortinet.com/t5/Support-Forum/Forticlient-7-2-4-trying-to-use-certificates-when-no...

 

Updating to 7.2.5 appears to have fixed the problem for us

347
MontanaMike
Contributor
In response to Zekeout

Created on ‎09-30-2024 06:05 AM

That's good to know.  I'm going to apply the 7.2.5 firmware in the near future and will report back here.

-Mike

-Mike
255
0 Kudos
arahman
Staff
Staff

Created on ‎09-30-2024 01:46 PM

also based on the output debugs you have shared and seeing SSL_accept failed, 1:no shared cipher

 for error like this the article below is worth checking 

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-no-shared-cipher-error-in-an-SSL-VPN...

247
0 Kudos
Shashwati
Staff
Staff

Created on ‎09-30-2024 02:31 PM

Hello

Please  run the packet capture command on Firewall 

diagnose sniffer packet any 'host X.X.X.X'  6 0 l     [User's IP address]

242
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.