We had a PC with a working Forticlient setup that recently stopped working. It gets stuck at 40% with the error "The server you want to connect to request identification, please chose a certificate and try again (-5)." I've read all over the forum and I've already tried:
- Ensured Internet Options have TLS 1.0, 1.1 and 1.2 enabled.
- Uninstalled and reinstalled Forticlient using latest versions (7.01.0083)
- Tried to restore previously know good configuration
- Ensured there is no "hidden window" for certificate authorization*
The same credentials work on other PCs so the issue seems to be on one PC (have a second PC with similar symptoms but haven't triaged that one yet). From the "bad" PC, we've tried accessing multiple gateways, all get the same error. So there seems to be something awry with this PC. As far as I know we don't use any certificates, at least nothing didn't come preinstalled. It is possible when the problem first showed up that there was a popup window and we hit accidentally hit "no" on the certificate authorization, but I would have figured a clean uninstall / reinstall would have cleared that flag. It is almost like this PC corrupted itself in a way a fresh install didn't fix.
Any suggestions would be appreciated. We're at a loss here.
FYI, the same credentials work on at least three other machines (but we did reset the password anyway to no effect). There is something on this one PC that is somehow broken. The FortiClient VPN was used on a nearly daily basis for 2-3 years without issue, broke a few days ago, and hasn't worked since even with successive uninstall / install of FortiClient (with reboots in between for good measure), restoring configs from old working and from external machines, debug settings, etc.
The original error reported certificate issues, which from reading are sometimes masked as TLS version support issues. So I think I'm looking for something that could result in the same "certificate error" message from FortiClient, or some way the certificate is corrupted on this one machine.
Or I'm utterly confused, which is a nonzero possibility too.
So, having the same issue with multiple WIndows 11 machines. Background:
Use FGTs, 6.4.8 firmware. Forticlients ranging from 6.4.7 to 7.0.2.
Affected machines are running Windows 11. They all run well for a month or so, then after a random update cycle, the Forticlient stalls at 40% with no successful connections from that point on. Again, this isn't a random subset of Windows 11, this is ALL 3 machines that have been running Windows 11 (two were 10 to 11 upgrades, and my test machine is a clean install from ISO).
I've been watching your posts with interest, but I don't have anything useful to add. I managed to get my computer up/running with the original OEM OS, but after installing the first update, forticlient goes back to 40% "please chose a certificate" error. Previously I'd been running fine for years and kept up to date with the latest OS updates until this issue happened.
If you do find a solution, please post it and let us (me) know. Thanks!
same here, since yesterday afternoon the same issue. We can't login in our SSL VPN. I found out it has something to do with our domain users on our devices. If I login with an local user on the same notebook, it works. Maybe a policy, but can't figure which...
No, I have not found any real solution. When I reinstalled the OEM windows environment, Forticlient logged in without any issues as it had done for years earlier. However, the first windows update patch broke it again with the same error (40% progress, bad certification error). Unfortunately, the first update is a big one and hard to "back out" that patch without reinstalling the entire OS, so I've kept the machine alive living on the OEM image with all of its foibles.
I try to monitor the postings looking for a fix, but so far I've not see anything. Please share if you find any leads.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.