Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aguerriero
Contributor II

Server 2019 on hyper-v with Forticlient 7.2.5, ssl vpn not working

We have some hyper-v VMs that we upgraded from 7.2.3 to 7.2.5 forticlient. SSL VPN no longer works after upgrading.

We can repeat the problem by downgrading to 7.2.3 and then successfully connecting then upgrading to 7.2.5 and breaking it again.

we need to run 7.2.5 to fix a wild card FQDN issue with ztna destinations that we were experiencing on 7.2.3.

1 Solution
aguerriero
Contributor II

TAC provided me with a 7.2.5.7679 Interim build that corrected everything. Waiting for the next GA to be released before I deploy everywhere. But the interim release is enough to at least get the 2019 devs up and running.

View solution in original post

8 REPLIES 8
samandeep
Staff
Staff

Hello @aguerriero

 

Could you provide the SSL VPN debug logs from your testing with FortiClient 7.2.5? Additionally, please confirm which authentication server is being utilized.


To collect the necessary logs, please run the following commands:


diag deb app sslvpnd -1
diag deb app fnbamd -1
diag deb console time en

diag deb en

To disable:

diag deb dis


These commands will enable debug logging for SSL VPN and provide valuable information for troubleshooting.

 

Thanks,

Amandeep

aguerriero

This is the debug

2024-09-18 07:16:25 [310:root:19933]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [310:root:19933]Destroy sconn 0x7f9bf9e800, connSize=9. (root)
2024-09-18 07:16:25 [311:root:19934]allocSSLConn:310 sconn 0x7f9be59000 (0:root)
2024-09-18 07:16:25 [311:root:19934]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [311:root:19934]Destroy sconn 0x7f9be59000, connSize=1. (root)
2024-09-18 07:16:51 [306:root:19935]allocSSLConn:310 sconn 0x7f9be76000 (0:root)
2024-09-18 07:16:51 [306:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:51 [306:root:19935]Destroy sconn 0x7f9be76000, connSize=7. (root)
2024-09-18 07:16:51 [307:root:19935]allocSSLConn:310 sconn 0x7f9bf1d000 (0:root)
2024-09-18 07:16:52 [307:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:52 [307:root:19935]Destroy sconn 0x7f9bf1d000, connSize=7. (root)

aguerriero

This is the debug output.
2024-09-18 07:16:25 [310:root:19933]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [310:root:19933]Destroy sconn 0x7f9bf9e800, connSize=9. (root)
2024-09-18 07:16:25 [311:root:19934]allocSSLConn:310 sconn 0x7f9be59000 (0:root)
2024-09-18 07:16:25 [311:root:19934]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [311:root:19934]Destroy sconn 0x7f9be59000, connSize=1. (root)
2024-09-18 07:16:51 [306:root:19935]allocSSLConn:310 sconn 0x7f9be76000 (0:root)
2024-09-18 07:16:51 [306:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:51 [306:root:19935]Destroy sconn 0x7f9be76000, connSize=7. (root)
2024-09-18 07:16:51 [307:root:19935]allocSSLConn:310 sconn 0x7f9bf1d000 (0:root)
2024-09-18 07:16:52 [307:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:52 [307:root:19935]Destroy sconn 0x7f9bf1d000, connSize=7. (root)

samandeep
aguerriero

Where do I send the debug information and logs. I tried pasting the debug information in this thread but it isn't actually posting. 

samandeep

Hello @aguerriero,

How are you sharing the logs? Are you uploading files or pasting the log content directly into the forum?

Please note that file uploads are limited to 5MB.

 

Thanks,

Amandeep

aguerriero
Contributor II

I opened a ticket with TAC and sent the full forticlient diagnostics and fortigate debugs. I will be having a screenshare session with an engineer later today.

aguerriero
Contributor II

TAC provided me with a 7.2.5.7679 Interim build that corrected everything. Waiting for the next GA to be released before I deploy everywhere. But the interim release is enough to at least get the 2019 devs up and running.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors