- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No access to Navision SQL server from FortiClient VPN
Hello
I have installed a Fortigate 60F firewall at a customer. When the customer uses FortiClient VPN they cannot access their Microsoft Dynamics Navision. If they use the Windows native VPN client, everything works as it should.
So why not just use this all the time? This is because the firewall does not allow two simultaneous Windows native VPN clients from the same IP address…
I get this error (see the attached file, and bear with the fact that it's in Danish. I'm sure you can translate it).
Solved! Go to Solution.
- Labels:
-
FortiClient
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Given the mention of SSPI, maybe you're not letting some relevant traffic through (Kerberos, or NTLM/SMB to a DC, or to the server), or maybe the VPN client doesn't use the internal DNS server or the right DNS domain suffix?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello pminarik
It was a DNS-problem, and I solved it by choosing my own domain DNS server. When you use the "IPsecWizard", make shure to manually select your own DNS.
Thank you for showing me in the right direction :)
Best regards
T. Barnes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @PCBarnes,
Did you verify configuration? Can you also share error message translated in English?
Thanks,
Ronak Patel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Ronak
The translation to english goes like this (without the given code):
"The configuration of the SPN (delegation) is specified incorrectly."
"Server Connection URL:...."
"SPN Identity:...."
"A call to SSPI failed, see inner exception."
My comment: The server is called "Land"
Best regards T. Barnes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Can you please share the sniffer with the Source IP and Destination IP on Fotigate to check traffic flow.
Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Packet-capture-sniffer/ta-p/198313
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Rajan
I will try. My problem is, that I don't have access to the SQL server, so I have to call someone to test for me, everytime I make an experiment.
Regards T. Barnes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Given the mention of SSPI, maybe you're not letting some relevant traffic through (Kerberos, or NTLM/SMB to a DC, or to the server), or maybe the VPN client doesn't use the internal DNS server or the right DNS domain suffix?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I will take a look on the DNS. There could be a solution here, as it looks like, that there is an "URL-call" to the server in the error message. Could anyone tell me though, what the difference is between Windows Native VPN client and FortiClient SSL VPN? Because the Windows Native client have no problem accessing the SQL server, but FortiClient VPN does.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello pminarik
It was a DNS-problem, and I solved it by choosing my own domain DNS server. When you use the "IPsecWizard", make shure to manually select your own DNS.
Thank you for showing me in the right direction :)
Best regards
T. Barnes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have made a "config /all command" on a pc running Windows Native VPN and on a pc running FortiClient VPN. I can see, that none of the DNS servers are pointing to the server, where the SQL-server is installed, but as I mentioned earlier, the Windows Native client works fine. The Fortinet Client also uses IPV6. Could that be a problem?
Windows Native PVN:
FortiClient VPN:
Regards T. Barnes
