Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aguerriero
Contributor II

Created on ‎09-16-2024 03:34 PM

Server 2019 on hyper-v with Forticlient 7.2.5, ssl vpn not working

We have some hyper-v VMs that we upgraded from 7.2.3 to 7.2.5 forticlient. SSL VPN no longer works after upgrading.

We can repeat the problem by downgrading to 7.2.3 and then successfully connecting then upgrading to 7.2.5 and breaking it again.

we need to run 7.2.5 to fix a wild card FQDN issue with ztna destinations that we were experiencing on 7.2.3.

Labels:
1712
0 Kudos
1 Solution
aguerriero
Contributor II

Created on ‎10-02-2024 06:57 AM

TAC provided me with a 7.2.5.7679 Interim build that corrected everything. Waiting for the next GA to be released before I deploy everywhere. But the interim release is enough to at least get the 2019 devs up and running.

View solution in original post

1224
0 Kudos
8 REPLIES 8
samandeep
Staff
Staff

Created on ‎09-16-2024 07:44 PM Edited on ‎09-17-2024 07:19 PM

Hello @aguerriero

 

Could you provide the SSL VPN debug logs from your testing with FortiClient 7.2.5? Additionally, please confirm which authentication server is being utilized.


To collect the necessary logs, please run the following commands:


diag deb app sslvpnd -1
diag deb app fnbamd -1
diag deb console time en

diag deb en

To disable:

diag deb dis


These commands will enable debug logging for SSL VPN and provide valuable information for troubleshooting.

 

Thanks,

Amandeep

1679
aguerriero
Contributor II
In response to samandeep

Created on ‎09-17-2024 12:21 PM

This is the debug

2024-09-18 07:16:25 [310:root:19933]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [310:root:19933]Destroy sconn 0x7f9bf9e800, connSize=9. (root)
2024-09-18 07:16:25 [311:root:19934]allocSSLConn:310 sconn 0x7f9be59000 (0:root)
2024-09-18 07:16:25 [311:root:19934]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [311:root:19934]Destroy sconn 0x7f9be59000, connSize=1. (root)
2024-09-18 07:16:51 [306:root:19935]allocSSLConn:310 sconn 0x7f9be76000 (0:root)
2024-09-18 07:16:51 [306:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:51 [306:root:19935]Destroy sconn 0x7f9be76000, connSize=7. (root)
2024-09-18 07:16:51 [307:root:19935]allocSSLConn:310 sconn 0x7f9bf1d000 (0:root)
2024-09-18 07:16:52 [307:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:52 [307:root:19935]Destroy sconn 0x7f9bf1d000, connSize=7. (root)

1598
0 Kudos
aguerriero
Contributor II
In response to samandeep

Created on ‎09-17-2024 12:24 PM

This is the debug output.
2024-09-18 07:16:25 [310:root:19933]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [310:root:19933]Destroy sconn 0x7f9bf9e800, connSize=9. (root)
2024-09-18 07:16:25 [311:root:19934]allocSSLConn:310 sconn 0x7f9be59000 (0:root)
2024-09-18 07:16:25 [311:root:19934]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [311:root:19934]Destroy sconn 0x7f9be59000, connSize=1. (root)
2024-09-18 07:16:51 [306:root:19935]allocSSLConn:310 sconn 0x7f9be76000 (0:root)
2024-09-18 07:16:51 [306:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:51 [306:root:19935]Destroy sconn 0x7f9be76000, connSize=7. (root)
2024-09-18 07:16:51 [307:root:19935]allocSSLConn:310 sconn 0x7f9bf1d000 (0:root)
2024-09-18 07:16:52 [307:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:52 [307:root:19935]Destroy sconn 0x7f9bf1d000, connSize=7. (root)

1598
0 Kudos
samandeep
Staff
Staff
In response to aguerriero

Created on ‎09-18-2024 02:09 PM Edited on ‎09-18-2024 02:10 PM

Hello @aguerriero ,

 

It looks like above debug is related to internet options.

 

Please check the below article.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-When-logging-in-with-SSL-VPN-the-err...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Unable-to-establish-the-SSL-VPN-connection...

 

Thanks,

Amandeep

1534
0 Kudos
aguerriero
Contributor II
In response to samandeep

Created on ‎09-17-2024 02:11 PM

Where do I send the debug information and logs. I tried pasting the debug information in this thread but it isn't actually posting. 

1636
0 Kudos
samandeep
Staff
Staff
In response to aguerriero

Created on ‎09-17-2024 07:24 PM

Hello @aguerriero,

How are you sharing the logs? Are you uploading files or pasting the log content directly into the forum?

Please note that file uploads are limited to 5MB.

 

Thanks,

Amandeep

1610
aguerriero
Contributor II

Created on ‎09-20-2024 11:41 AM

I opened a ticket with TAC and sent the full forticlient diagnostics and fortigate debugs. I will be having a screenshare session with an engineer later today.

1492
0 Kudos
aguerriero
Contributor II

Created on ‎10-02-2024 06:57 AM

TAC provided me with a 7.2.5.7679 Interim build that corrected everything. Waiting for the next GA to be released before I deploy everywhere. But the interim release is enough to at least get the 2019 devs up and running.

1225
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.