Hi,
how could I troubleshoot unsuccessful SSL VPN connections to Fortigate, I have a client that send me screenshot with error "Unable to logon to the server. Your username or password may not be configured properly for this connection. (-12)"
How could I dig into this issue, other users connecting without problem so config is right, we use windows NPS as authentication for users. I checked this user domain account and is enabled and active.
I found a command:
diagnose debug application sslvpn -1
diagnose debug enable
but this is rather for live monitoring, how could I find a reason for this unsuccessful SSL VPN connection from two days ago. On Fortianalyzer in SSL & Dialup Ipsec I see only successful connections.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Thank you for your question. From logs, you can only check if the username was used for authentication and if the authentication was ok or not. Other than this, live debug is only option to see what is wrong. With sslvpn use also fnbamd (process for authentication).
diag debug app sslvpn -1
diag debug app fnbamd -1
diag debug console time en
diag debug enable
And then user needs to try connect and if he will get error, you should be able to trace based on this public IP address and username used for authentication.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.