While troubleshooting a FortiClient VPN issue, in Sysinternals Process Monitor I noticed that the client components are generating hundreds of events per second, continuously polling FortiTray_1.log, guimessenger_1.log and sslvpndaemon_1.log trace files in the user's AppData. No data is written, they're just opened, queried and closed. This happens even on a fresh unconfigured 7.0.6 install. It is just a minor nuisance and easy to filter out, but it might be indicative of some sort of internal application issue because for me it is very rare to encounter software with this kind of behavior. I figured I'd mention it here for it to maybe get noticed.
Additionally, I've seen that sslvpndaemon_1.log will log "[sslvpndaemon 515 debug] FortiSslvpn: CSslvpnBase::RefreshConnection() Called." every 2 seconds once it's started, and will keep doing it even after the VPN is disconnected. None of the log-related items in the XML config or in the Windows registry seem to have an effect. It is unusual to see debug-level verbosity being used in production like that. The other two files are written less frequently.
I have checked an earlier 6.5 install and saw that none of these files were being logged, the AppData trace dir was empty. That also means that none of the above-mentioned polling was happening.
Hi hpadm,
When logging level is set to "debug", FCT will write into logs\trace\ folder, it is expected.
We only set to "debug" when we need troubleshooting.
You can edit the logging level in FCT > settings > log > log level > change to Information if you do not want excessive logging.
If FCT is connected to EMS, you will have to configure this under Endpoint profile.
Well that's the thing - it seems these components totally ignore all logging settings and just do their own thing.
I have set log level to Emergency in the UI. I have set it to 0 in the xml config. I have flipped every log-related setting in the config to disabled. I went into the HKLM registry, went through all the components and set logging to 0 and loglevel to 0. There's also the 'fctlog' node, but it only has 'flags' and max log size. None of these had any visible effect, the trace logs were still being produced the same way.
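One way to check whether a log-level change took effect is to count debug-tagged lines in the trace files before and after the change. This is an added example, not part of the original posts and not Fortinet tooling; it assumes the `[component number level]` tag shape of the single line quoted above, takes the trace directory as a caller-supplied argument, and uses constructed sample lines.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Tag shape taken from the one line quoted in the thread:
#   [sslvpndaemon 515 debug] FortiSslvpn: ...
# Anything before the bracket (timestamps etc.) is ignored, since the
# thread does not show it.
TAG = re.compile(r"\[(?P<component>\w+)\s+(?P<num>\d+)\s+(?P<level>\w+)\]")

def debug_entries(trace_dir):
    """Return {file name: Counter of components} for debug-tagged lines."""
    report = {}
    for log in sorted(Path(trace_dir).glob("*.log")):
        counts = Counter()
        with log.open(errors="replace") as fh:
            for line in fh:
                m = TAG.search(line)
                if m and m["level"].lower() == "debug":
                    counts[m["component"]] += 1
        if counts:
            report[log.name] = counts
    return report

def new_debug_entries(before, after):
    """Debug lines added between two snapshots, per file."""
    return {name: sum(c.values()) - sum(before.get(name, Counter()).values())
            for name, c in after.items()
            if sum(c.values()) > sum(before.get(name, Counter()).values())}

def demo():
    """Constructed sample: snapshot, append lines, snapshot again."""
    line = ("[sslvpndaemon 515 debug] FortiSslvpn: "
            "CSslvpnBase::RefreshConnection() Called.\n")
    with tempfile.TemporaryDirectory() as d:
        daemon = Path(d, "sslvpndaemon_1.log")
        daemon.write_text(line * 3)
        # Constructed non-debug line; the "info" tag spelling is an assumption.
        Path(d, "FortiTray_1.log").write_text("[FortiTray 12 info] constructed line\n")
        before = debug_entries(d)
        with daemon.open("a") as fh:   # simulates logging after the setting change
            fh.write(line * 2)
        return before, new_debug_entries(before, debug_entries(d))

if __name__ == "__main__":
    print(demo())
```

A non-empty second result after the level was lowered means the component is still writing debug entries; if a file is rotated between the two snapshots its count drops and the comparison for that file should be repeated.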
Hi btan
Didn't work for me as well. Even if I disable the logging in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient\FA_SSLVPN" it keeps logging into FortiTray_1.log. It seems like something else is creating these logs... any ideas?
Hello,
May I know how many machines are affected?
By any chance, is the FCT installer a special build provided by Fortinet TAC to enable excessive logging for troubleshooting previously?
FYI, the official GA build number for FCT 7.0.6 is 0290, FCT 7.0.7 is 0345.
You can view it in FCT > About tab.
I have checked internally but not able to find any similar reported behavior.
If it is already an official GA build FCT, you may raise a FortiCare ticket to us to troubleshoot further.
Created on 01-30-2023 12:56 AM Edited on 01-30-2023 12:58 AM
All of the 40 Users/Machines are affected. We did a clean installation with FortiClientVPNOnlineInstaller last week. Apparently the size of appdata\roaming\forticlient folder began to increase after a few days. I double-checked the installation and reinstalled the FTC again via https://links.fortinet.com/forticlient/win/vpnagent , got the same issue.
I just checked the version on all machines --> 7.0.6.0290 , so actually the latest GA build you mentioned...
I did a rollback on my machine on version 7.0.3.0193 and tested this version. No problem so far. None of these files (fortitray_1.log, etc.) were being logged. Same experience OP had on this forum with V6.5. So it has to be something wrong with the latest version that comes through the online installer.
Copyright 2024 Fortinet, Inc. All Rights Reserved.