Solved! Go to Solution.
Hi All,
I just fix it by apply this fix and re-install fortigate client.
https://skydrive.live.com/redir?resid=86BDD34D41D3E179!2065&authkey=!AAeyjPB4O4uVxek
You may find the detail from this forums. Hope this could help you all. Thanks.
https://supportforums.cisco.com/discussion/11682811/anyconnect-msi-installation-failed-windows-7
Hi,
I seem to be experiencing this problem, or very similar problem.
Forticlient hangs at 98% while connecting. But this only happen occasionally -- especially if the connect dropped for some reason and I try to connect again (possibly every time this happens).
I am able to get Forticlient to connect if I reboot my machine. So maybe this is not the identical problem discussed here. Sometimes it gives the "You already have an open SSL VPN connection" warning, but not always. Either way, it stops at 98%, after a minute or so, it just clears the login fields of the forticlient window as if nothing had ever happened.
Rebooting my machine "resets" something and makes connection possible. But this is a frustrating workaround.
Is there a process or service I should be able to restart that would have the same effect as rebooting?
Hi,
we're facing the same Issue with FortiClient 5.4.1.0840.
Additional to that - sometimes we get connected and after that alle network drivers crash down.
Windows 10 Ver. 1607
A reboot helps for max. 1 hour - then the same things happen again.
Firewall is also shut down, same as Win Defender - we're Using Avira AntiVir.
Regards
sounds like server end problem, did you try with update?
The 98% bug has been solved in the Forticlient 5.6.x release (new VPN driver)
FortiAnalyzer / 6.4.0
FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
I am using version 5.6.2.1117 and am receiving the 98% error.
I ran the diagnostic tool and have this from the FCDiagData\VPN folder in the generated .cab file (this seems to be the most useful of the files):
Information VPN FortiSslvpn: 11156: fortissl_connect: device=ftvnic Error VPN FortiSslvpn: 4652: error: ssl_connect Error VPN FortiSslvpn: 4652: tunnel_to_fgt error Error VPN FortiSslvpn: 220: error: ras_loop(), waitResult=1. Information VPN Unable to establish the VPN connection.(E=98,T-981066010,M99,R10)
I've tried some of the suggested items - disable ipv6, virtualbox connectors - worked one time but never after the first time - even with reboot/shutdown-reboot/enable-disable these connectors/yadda-yadda-yadda...
Any/all suggestions are greatly appreciated.
Solution in post #65 works perfectly fine.
Why not do it & stop moaning?
Solved! Solved! Solved!
I have discovered what is happening!!!
When we install FortiClient again, it creates a new ISDN Channel, but it doesn't check this new ISDN Channel.
So we should to check it.
See:
Hi everyone, we recently resolved an issue very similar to this with assistance from Fortinet Support.
In our case, the cause was an invalid/unresolvable FQDN Address Object that was referenced by the SSL-VPN Firewall Policy, which in turn caused the connection to fail.
After enabling additional debugging on the FortiGate, we could see the following in the logs (some parts obfuscated):
2019-01-31 16:19:41 [217:root:521]form_ipv4_split_tunnel_addr:1503 Matched policy (id = 87) to add split tunnel routing address
2019-01-31 16:19:41 [217:root:521]form_ipv4_split_tunnel_addr:1503 Matched policy (id = 74) to add split tunnel routing address
2019-01-31 16:19:41 [217:root:521]dns_query():196 tried 1 host.local.
2019-01-31 16:19:41 [217:root:521]dns_on_read():106 get invalid response.
2019-01-31 16:19:47 [217:root:521]dns_query():196 tried 2 host.local.
2019-01-31 16:19:47 [217:root:521]dns_on_read():106 get invalid response.
2019-01-31 16:19:53 [217:root:521]dns_query():196 tried 3 host.local.
2019-01-31 16:19:53 [217:root:521]dns_on_read():106 get invalid response.
2019-01-31 16:19:59 [217:root:521]dns_query():196 tried 4 host.local.
2019-01-31 16:19:59 [217:root:521]dns_on_read():106 get invalid response.
2019-01-31 16:20:05 [217:root:521]dns timeout
2019-01-31 16:20:05 [217:root:521]form_ipv4_split_tunnel_addr:1503 Matched policy (id = 74) to add split tunnel routing address
2019-01-31 16:20:11 [217:root:0]sslvpn_internal_remove_one_web_session:2668 web session (root:<username>::<remote IP address>:0 1) removed for tunnel connection setup timeout for SSLVPN Client
2019-01-31 16:20:11 [217:root:0]sslvpn_internal_remove_apsession_by_idx:2241 free app session, idx[0]
2019-01-31 16:20:11 [217:root:521]rmt_check_conn_session:1962 delete connection 0x7f9f5ad14400 w/ web session 0
2019-01-31 16:20:11 [217:root:521]Destroy sconn 0x7f9f5ad14400, connSize=0. (root)
The debug commands used were:
dia debug console timestamp enable
dia debug app sslvpn -1
dia debug app fnbamd -1
dia debug enable
The FortiClient version was 6.0.4.0182, and FortiOS version 5.6.4.
After removing the invalid Address Object from the Policy we were able to establish an SSL-VPN connection, hopefully this helps someone else.
This is a Known Issues. The issues was fixed. Please try to use FortiClient 5.6.x.
Hi,
there was something in a ssl troubleshooting cookbook related to timeouts:
config vpn ssl settings set login-timeout 180 (default is 30) set dtls-hello-timeout 60 (default is 10)
is worth a try :)
Just solved on Win10x64Ent, FortiClient 6.0.9
Set Settings->VPN Options->Preferred DTLS Tunnel checked, and voila.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1759 | |
1116 | |
766 | |
447 | |
242 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.