We had a PC with a working Forticlient setup that recently stopped working. It gets stuck at 40% with the error "The server you want to connect to request identification, please chose a certificate and try again (-5)." I've read all over the forum and I've already tried:
- Ensured Internet Options have TLS 1.0, 1.1 and 1.2 enabled.
- Uninstalled and reinstalled Forticlient using latest versions (7.01.0083)
- Tried to restore previously known good configuration
- Ensured there is no "hidden window" for certificate authorization*
The same credentials work on other PCs so the issue seems to be on one PC (have a second PC with similar symptoms but haven't triaged that one yet). From the "bad" PC, we've tried accessing multiple gateways, all get the same error. So there seems to be something awry with this PC. As far as I know we don't use any certificates, at least nothing that didn't come preinstalled. It is possible when the problem first showed up that there was a popup window and we accidentally hit "no" on the certificate authorization, but I would have figured a clean uninstall / reinstall would have cleared that flag. It is almost like this PC corrupted itself in a way a fresh install didn't fix.
Any suggestions would be appreciated. We're at a loss here.
I apologize for the necro-bump here, but it's been an outstanding issue. Opened a ticket with Fortigate, and they've pushed the issue back on us. The issue seems to be how Windows 11 stores its private keys. Instead of keeping them locally, they're stored in AD, and are periodically synced with the OS. If you don't check into AD for a period of time (or if your OS is patched) the keys require refreshing, and until they check back in, the cert won't work with Forticlient. Can't really blame Fortinet for the Microsoft change in behavior, but something needs to get changed to fix this issue, else we're blocked from Windows 11.
Upgraded from 6.4.8 to 6.4.9 FOS to fix a bug and am experiencing the same issue as described here. We are using SAML for login with no certificate requirement. Randomly has the error about the cert, sometimes saying VPN server unreachable, sometimes just stalls at 98% and silently fails. Open case with Fortinet but not sure where it will end up.