IKE phase1 authentication fail as peer's certificate is not verified from forticlient logs
Hello, I'm new at this so be patient with me.
I'm unable to connect to my network remotely via IPsec VPN - I can connect on the first PC, however I'm unable to connect via the second PC. I checked the client configuration on the working PC and matched it on the PC that isn't connecting.
From my forticlient that isn't connecting via IPsec VPN
IKE phase1 authentication fail as peer's certificate is not verified
2/2/2023 10:52:16 AM info sslvpn date=2023-12-02 time=10:52:15 logver=1 id=96602 type=securityevent subtype=sslvpn eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="SSLVPN service started successfully" vpnstate=
12/2/2023 10:52:25 AM info system date=2023-12-02 time=10:52:24 logver=1 id=96823 type=systemevent subtype=system eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Checking for updates"
12/2/2023 10:52:32 AM info update date=2023-12-02 time=10:52:31 logver=1 id=96819 type=systemevent subtype=update eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Update was successful to the given version for the given module"
12/2/2023 10:52:32 AM info update date=2023-12-02 time=10:52:32 logver=1 id=96819 type=systemevent subtype=update eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Update was successful to the given version for the given module"
12/2/2023 10:56:00 AM info ipsecvpn date=2023-12-02 time=10:55:59 logver=1 id=96566 type=securityevent subtype=ipsecvpn eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network action=negotiate init=local mode=aggressive stage=1 dir=outbound status=success Initiator: sent 173.88.153.169 aggressive mode message #1 (OK)" vpntunnel="Home Network"
12/2/2023 10:56:00 AM info ipsecvpn date=2023-12-02 time=10:55:59 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:00 AM error ipsecvpn date=2023-12-02 time=10:55:59 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:03 AM info ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:03 AM error ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:03 AM info ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:03 AM error ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:06 AM info ipsecvpn date=2023-12-02 time=10:56:05 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:06 AM error ipsecvpn date=2023-12-02 time=10:56:05 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:09 AM info ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:09 AM error ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:09 AM info ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:09 AM error ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:12 AM warning ipsecvpn date=2023-12-02 time=10:56:11 logver=1 id=96561 type=securityevent subtype=ipsecvpn eventtype=error level=warning uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="No response from the peer, phase1 retransmit reaches maximum count" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:58:35 AM warning ipsecvpn date=2023-12-02 time=10:58:34 logver=1 id=96561 type=securityevent subtype=ipsecvpn eventtype=error level=warning uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="No response from the peer, phase1 retransmit reaches maximum count" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 11:00:28 AM info system date=2023-12-02 time=11:00:27 logver=1 id=96823 type=systemevent subtype=system eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Checking for updates"
Hi @jakecle67,
Are you using certificate for authentication? Are you connecting from 2 PCs at the same time using the same account?
Regards,
Hello. I'm not using certificates for my authentication. I'm using a username and password. I'm not connecting from 2 PCs at the same time.
Created on ‎12-05-2023 01:42 AM Edited on ‎12-05-2023 01:42 AM
Can you double-check? On the FortiGate, in its config ideally.
The logs mention XAUTH and aggressive mode, so presumably this is IKEv1. And in IKEv1, the username+password authentication done in XAUTH is preceded by PSK- or certificate-based authentication in phase1.
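The reading of the logs described above can be automated. The following is an added example, not part of the original thread and not Fortinet code: it parses FortiClient-style `key=value` log lines, counts the phase 1 failures per tunnel, and infers IKEv1 from the logged negotiation modes. The sample lines are constructed (documentation addresses, a shortened field set, a hypothetical tunnel named `Lab`), and the function names are assumptions.

```python
import re
from collections import Counter

# key=value pairs; a value is either a "quoted string" or a bare token.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S*)')

def parse_line(text):
    """Return key=value fields as a dict; the first occurrence of a key wins."""
    fields = {}
    for key, raw, quoted in PAIR.findall(text):
        fields.setdefault(key, quoted if raw.startswith('"') else raw)
    return fields

def triage(lines):
    """Summarise IKE phase 1 events per tunnel from FortiClient log lines."""
    summary = {}
    for line in lines:
        ev = parse_line(line)
        if ev.get("subtype") != "ipsecvpn":
            continue
        entry = summary.setdefault(ev.get("vpntunnel", "?"),
                                   {"modes": set(), "events": Counter()})
        msg = ev.get("msg", "")
        inner = parse_line(msg)  # negotiation messages nest key=value pairs
        if "mode" in inner:
            entry["modes"].add(inner["mode"])
        if "certificate is not verified" in msg:
            entry["events"]["phase1_cert_not_verified"] += 1
        elif "retransmit reaches maximum count" in msg:
            entry["events"]["phase1_timeout"] += 1
        elif inner.get("status") == "negotiate_error":
            entry["events"]["negotiate_error"] += 1
    return summary

def ike_version_hint(modes):
    """Aggressive mode and XAUTH exist only in IKEv1, so either implies it."""
    return "IKEv1" if any("aggressive" in m or "xauth" in m for m in modes) else "unknown"

# Constructed sample lines (documentation addresses, shortened field set).
HEAD = "12/2/2023 10:56:00 AM info ipsecvpn date=2023-12-02 time=10:55:59 subtype=ipsecvpn "
CERT = HEAD + 'msg="IKE phase1 authentication fail as peer\'s certificate is not verified" vpntunnel="Lab"'
SAMPLE = [
    HEAD + 'msg="rem_ip=198.51.100.20 vpn_tunnel=Lab action=negotiate mode=aggressive stage=1 status=success Initiator: sent aggressive mode message #1 (OK)" vpntunnel="Lab"',
    CERT,
    HEAD + 'msg="rem_ip=198.51.100.20 vpn_tunnel=Lab status=negotiate_error mode=xauth_clinet stage=1 status=failureInitiator: parsed aggressive mode message #1 (ERROR)" vpntunnel="Lab"',
    CERT,
    HEAD + 'msg="No response from the peer, phase1 retransmit reaches maximum count" vpntunnel="Lab"',
    "12/2/2023 11:00:28 AM info system date=2023-12-02 subtype=system msg=\"Checking for updates\"",
]

if __name__ == "__main__":
    for tunnel, entry in triage(SAMPLE).items():
        print(tunnel, ike_version_hint(entry["modes"]), dict(entry["events"]))
```

A summary that shows certificate failures on a tunnel whose phase 1 is meant to use a PSK is the cue to compare the FortiGate phase 1 authentication method with the client profile.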
Do you have peer ID configured on the FortiGate? Since it is working on one PC but not another, it could be a client issue. Both PCs are using the same FortiClient version?
On FortiClient, you can try to reenter the PSK. If it doesn't help, try deleting and creating a new VPN connection.
Regards,
Did you ever get this resolved?
Got an identical issue.
Chris.
I have a client with this issue now. No new devices will connect. We are unable to migrate our working users and accounts to any new devices. Testing variables for over 10 hours on 3 devices and determined it's fully in the FortiClient having an issue with a Windows network update. Still attempting to isolate. Fortinet communication on this has been crickets. Strange to have a certificate error preventing a connection when certificates are not in use.
Update Edit: We found running 7.2 Forticlient works with our EDR Sentinel but 7.4 does not. There was also a conflict with Sentinel and KB5055523. Resolving the EDR issue resolved our IP SEC VPN issue.
Thanks for starting this thread—these authentication errors can be a real headache, especially when things work fine on one machine but fail on another with seemingly identical settings. From the logs, it definitely looks like the peer’s certificate can’t be verified, which usually points to either a missing or untrusted certificate authority on the client side, or possibly a mismatch in expected peer ID or PSK configuration. If you’re not using certificates intentionally, it might still be worth checking whether your Phase 1 settings on the FortiGate are defaulting to certificate-based auth. Also agree with others here—recreating the VPN tunnel from scratch in FortiClient has helped me more than once.
At the moment I am just working through the process of updating the firmware in the hope it resolves the issue.
