Unable to unregister / uninstall / stop forticlient

nicoco59 · ‎11-25-2015

Hello everyone,

We are currently testing the forticlient 5.2. We used to install the forticlient in version 5.0.9 for which we had a template and it was working fine.

The 5.2 and now the 5.4 has been released and I guess it's time to check the new feature.

Unfortunately, i've installed a forticlient 5.2.5 which is registered with our firewall but i'm no longer able to uninstall this client.

Stop forticlient is "gray"

Unregistered is "gray"

I've also set the config : set forticlient-settings-lock disable but we are still having the same issue.

Do you have any idea ?

Many Thanks

Nick

kolawale_FTNT · ‎11-25-2015

When FortiClient is registered to a FortiGate or EMS, the client is locked. End user cannot shutdown FortiClient or uninstall it. By default, the end user can manually unregister from the FortiGate or EMS. But the administrator may disable unregister from the FortiGate or EMS.

The administrator can deregister the client from the FortiGate as follows:

- from the FortiOS GUI, right-click on the endpoint record and select "Unregister" from the shortcut menu

- from the FortiOS CLI, run the following commands:

diagnose endpoint registration list

diagnose endpoint registration deregister

The first CLI command provides the UID of registered clients (among other details). The UID is required as input for the second CLI command.

You can also deregister from the EMS GUI. Click the right mouse button on the endpoint record and select "Deregister" from the shortcut menu.

nicoco59 · ‎11-27-2015

Hello kolawale,

Thnak you for your answer. So the only way to remove the forticlient is to plug the PC on the network and then deregister the forticlient from the fortigate.

It's working but If I remember right, I used to have a button to allow configuration change. A password was required but it was easier to remove or unregister the client.

How can I permit a user to change the configuration if he know the lock password ?

Thanks.

Nick

kolawale_FTNT

Gold Member

Total Posts : 143Scores: 10Reward points: 0Joined: 10/23/2012Status: offline[/ul]

Re: Unable to unregister / uninstall / stop forticlient 2 days ago (permalink) 0 When FortiClient is registered to a FortiGate or EMS, the client is locked. End user cannot shutdown FortiClient or uninstall it. By default, the end user can manually unregister from the FortiGate or EMS. But the administrator may disable unregister from the FortiGate or EMS. The administrator can deregister the client from the FortiGate as follows: - from the FortiOS GUI, right-click on the endpoint record and select "Unregister" from the shortcut menu - from the FortiOS CLI, run the following commands: diagnose endpoint registration list diagnose endpoint registration deregister The first CLI command provides the UID of registered clients (among other details). The UID is required as input for the second CLI command. You can also deregister from the EMS GUI. Click the right mouse button on the endpoint record and select "Deregister" from the shortcut menu. Answer Helpful Report Abuse Forward Quote #2 nicoco59

Quick Reply: (Open Full Version) Paragraph Font Family Font Size

Path: p Preview

Submit Post Home » All Forums » [link=https://forum.fortinet.com/tt.aspx?forumid=121][Other Fortinet Products][/link] » FortiClient » Unable to unregister / uninstall / stop forticlient

Jump to: Jump to - - - - - - - - - - [FortiGate / FortiOS UTM features] - - - - AntiVirus - - - - Application Control - - - - Data Leak Prevention (DLP) - - - - Email filtering (AntiSPAM) - - - - Former Content Management Forum - - - - Intrusion Detection & Prevention - - - - Web Filtering [Fortinet Beta Programs] - - - - Beta Message Board [Fortinet Services] - - - - FortiCloud Threat Detection Service [Other FortiGate and FortiOS Topics] - - - - Firewall - - - - Log & Report - - - - Miscellaneous -- FortiOS and FortiGate - - - - New Features -- FortiOS - - - - Routing and Transparent Mode - - - - System settings - - - - User and Authentication - - - - VPN [Other Fortinet Products] - - - - AscenLink - - - - Coyote Point - - - - FortiAnalyzer - - - - FortiAP - - - - FortiAuthenticator - - - - FortiBalancer - - - - FortiBridge - - - - FortiCache - - - - FortiCamera & FortiRecorder - - - - FortiCarrier - - - - FortiClient - - - - FortiConverter - - - - FortiCore - - - - FortiDB - - - - FortiDDOS - - - - FortiDirector - - - - FortiDNS - - - - FortiExplorer - - - - FortiGuard - - - - FortiMail - - - - FortiManager - - - - FortiPlanner - - - - FortiSandbox - - - - FortiScan - - - - FortiSwitch - - - - FortiToken - - - - FortiVoice - - - - FortiWeb - - - - FortiWiFi [Forum Information & Miscellaneous Topics] - - - - Forum News - - - - Ideas for Forum Site - - - - Fortinet Cookbook - - - - Knowledge Base - - - - Technical -- non-FortiOS - - - - Miscellaneous -- non-technical © 2015 APG vNext Commercial Version 5.5 Latest Posts Re: No Traffic logs visible and No matching log data in FortiAnalyzer 1000B

FortiAnalyzer not generating any reports

Re: strange DNS traffic

Re: Fortimanager - FSSO User Groups

Fortiweb400C do not generate Attack report

Re: FortiCloud Sandbox - Cannot see details of "High Risk" files, alert emails not receive

Fortimanager - FSSO User Groups

Daily Limit reached with one Fortigate

Re: web pages won't open through fortiap on a laptop and some mobile phones

Re: No Traffic logs visible and No matching log data in FortiAnalyzer 1000B

[/ul] Active Posts FortiOS v5.2.4 is out(Unstable GUI, Bad SSLVPN)....

System tab missing in Chrome

Device based rule in 3 tier network with intervlan routing switch at distribution level

Fortigate IPSec VPN and iOS9

Root-CA Import for SSL-Inspection

Installation failed: service FortiShield failed to start.

Traffic with "Source Interface unknown-0" form the wireless connection.

A lot of bugs in FortiPlanner v2

Fortinet CPU and Memory

unable to restore settings and "Registering to Fortigate" popup loop

[/ul] All FAQs New features : Changing your email, screen name & username

New features: Private Messaging

New features: Marking posts as 'Answer' or 'Helpful'. Using 'Report Abuse' and Ticket List

[/ul] kolawale_FTNT

KarimAW · ‎02-04-2016

Hi nicoco59, I had same problem and I found a solution.

You used a .config file (or .xml file) with a locked password with this command line : "%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe" -m all -f ".\config.conf" -o import -i 2 -q

Inside .conf file I had a password to lock Forticlient. So I couldn't do nothing. Uninstall and update forticlient either.

Solution : I used this command line to unlock Forticlient on my machine :

"%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe" -m all -f ".\config.conf" -o import -i 2 -k <password> -q

I used the same .conf file with a password inside, but I unlock with -k command line.

For more information about fcconfig.exe :

"%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe" -h

Forticlient will be unlocked completely.

I hope to help you. Best Regards,

emnoc · ‎02-04-2016

Yeah I was thinking the same. I'm sure if you re-import the non-register configuration that should revert the FClient.

PCNSE

NSE

StrongSwan

dtellier · ‎04-07-2016

emnoc wrote:
Yeah I was thinking the same. I'm sure if you re-import the non-register configuration that should revert the FClient.

Unfortunately this does not work as expected. While KarimAW's instructions to import and export the configuration settings is correct, when you import a configuration from a non-registered FC, it still stays registered. It doesn't seem to unregister the device, even on reboot. However, when I import a configuration with Fortigates in the configuration to FC that is not registered, it will register for me. I'm looking for an easy way to batch uninstall all FC clients so I can install the latest version 5.4.0. I have a script to run to uninstall all FC clients but it will fail if the FC client is registered to my fortigate.

I could unregister the clients from fortigate but this is an extra time consuming step, I'd like this all scripted on the client end. Also, using IE11 or Chrome with FortiGate firmware 5.2.4 build688, I am unable to "unregister" any FC devices in the GUI, I am not given a context menu when right clicking on the registered client.

Anyone else find an easy way to unregister FC remotely through script or GPO?

alv001 · ‎05-05-2017

Solved: Uninstall or GPO shutdown script:

**********************************************************************

if not exist c:\windows\control md c:\windows\control

if not exist “%programfiles(x86)%\Fortinet\FortiClient\quarantine” goto finito “%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe” -m all -f “\\server\NETLOGON\Program\FortiClient_No_antivirus\No_password.conf” -o import -k password -q echo %errorlevel% > c:\windows\control\FortiClient_deleted.txt wmic product where name=”FortiClient” call uninstall /nointeractive >> c:\windows\control\FortiClient_deleted.txt echo %errorlevel% >> c:\windows\control\FortiClient_deleted.txt :finito ********************************************************************* Install or GPO startup script:

********************************************************************* If not exist c:\windows\control\FortiClient_deleted.txt goto finito msiexec /i “\\server\NETLOGON\Program\FortiClient_No_antivirus\FortiClient.msi” /q TRANSFORMS=”\\server\NETLOGON\Program\FortiClient_No_antivirus\FortiClient.mst” /L c:\windows\control\FortiClient_rewrited.txt :finito ****************************************************************** When the computer is restarted, then is rewritten FortiClient version .

alv001 · ‎05-05-2017

dtellier wrote:
Anyone else find an easy way to unregister FC remotely through script or GPO?

Solved: Uninstall or GPO shutdown script: (script removing full FortiClient version) ********************************************************************** if not exist c:\windows\control md c:\windows\control if not exist “%programfiles(x86)%\Fortinet\FortiClient\quarantine” goto finito “%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe” -m all -f “\\server\NETLOGON\Program\FortiClient_No_antivirus\No_password.conf” -o import -k password -q echo %errorlevel% > c:\windows\control\FortiClient_deleted.txt wmic product where name=”FortiClient” call uninstall /nointeractive >> c:\windows\control\FortiClient_deleted.txt echo %errorlevel% >> c:\windows\control\FortiClient_deleted.txt rem after "wmic .... uninstall" command computer restarts :finito ********************************************************************* Install or GPO startup script: (Script installing only FortiClient VPN) ********************************************************************* If not exist c:\windows\control\FortiClient_deleted.txt goto finito

if exist c:\windows\control\FortiClient_rewrited.txt type c:\windows\control\FortiClient_rewrited.txt | find /i "FortiClient -- Installation completed successfully." if %errorlevel% == 1 msiexec /i “\\server\NETLOGON\Program\FortiClient_No_antivirus\FortiClient.msi” /q TRANSFORMS=”\\server\NETLOGON\Program\FortiClient_No_antivirus\FortiClient.mst” /L c:\windows\control\FortiClient_rewrited.txt :finito ****************************************************************** When the computer is restarted, then is rewritten FortiClient version.