Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FKribs
New Contributor

VPN stuck at status 98%

We are running Windows Server 2012 R2. We have installed the most recent FortiNet client (vpn only), version 5.2.0.0591. We have configured an SSL-VPN connection. When we click on the " connect" button, the status progresses all the way to 98% and then hangs. We have disabled the windows firewall, do not have any anti virus software installed, no group policies are being applied, and no other applications are running when we attempt to make the VPN connection. Thanks for helping!
2 Solutions
denniswong34
New Contributor

Hi All,

 

I just fix it by apply this fix and re-install fortigate client.

https://skydrive.live.com/redir?resid=86BDD34D41D3E179!2065&authkey=!AAeyjPB4O4uVxek

 

You may find the detail from this forums. Hope this could help you all. Thanks.

https://supportforums.cisco.com/discussion/11682811/anyconnect-msi-installation-failed-windows-7

View solution in original post

greylander

Hi,

I seem to be experiencing this problem, or very similar problem. 

 

Forticlient hangs at 98% while connecting.  But this only happen occasionally -- especially if the connect dropped for some reason and I try to connect again (possibly every time this happens).

 

I am able to get Forticlient to connect if I reboot my machine.  So maybe this is not the identical problem discussed here.  Sometimes it gives the "You already have an open SSL VPN connection" warning, but not always. Either way, it stops at 98%, after a minute or so, it just clears the login fields of the forticlient window as if nothing had ever happened.

 

Rebooting my machine "resets" something and makes connection possible.  But this is a frustrating workaround.  

 

Is there a process or service I should be able to restart that would have the same effect as rebooting?

View solution in original post

101 REPLIES 101
jtfinley

Holy wrote:

Hello, no progress at the Moment. much troubleshooting and Ticket escalation by fortinet. But no final result yet. 

 

The Customer is very upset at the moment and dissapointed

What I've done was uncheck IPV6, reboot and it fixed the issue on Windows 7/8 workstations.

luca_comes
New Contributor

Hi all,

I'm facing  into the same issue which is driving me crazy. All the solutions you posted is unsuccesful in my case, some clients can connect and many other no. All Fortinet connections to many different customers are not working. I'm really depressed, anyone can give me any other hints.

 

Thanks

 

Luca

FKribs wrote:
We are running Windows Server 2012 R2. We have installed the most recent FortiNet client (vpn only), version 5.2.0.0591. We have configured an SSL-VPN connection. When we click on the " connect" button, the status progresses all the way to 98% and then hangs. We have disabled the windows firewall, do not have any anti virus software installed, no group policies are being applied, and no other applications are running when we attempt to make the VPN connection. Thanks for helping!

Paul_S

luca.comes,

 

Do all your WAN miniport adapters appear in device manager when you show hidden devices? Make sure you see "WAN Miniport (IP)" and "WAN Miniport (PPTP)".

 

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
luca_comes
New Contributor

Hi Paul,

thank you for your reply. yes all the adapters seem ok in the device manager, anyway I tried to reinstall them but the behavoiur doesn't change. The strange thing is that until 2 weeks ago all the vpns were working fine, suddenly after the 1 of may they don't work anymore while other ssl vpns (Cisco anyconect for example) are working fine. No updates were made and no network modification, also some client are working fine (mine is one of them) and many others no. I don't know what to check the log file can't help and I can't read log file from the fortinet appliance.

 

Luca

trinityhealth
New Contributor

I was having the same issue, it turned out to be an issue with vpnike.dll. Ultimately the remote access connection manger service would not start. This hotfix from microsoft fixed the issue http://hotfixv4.microsoft.com/Windows%207/Windows%20Server2008%20R2%20SP1/sp2/Fix463202/7600/free/46...)

daccu

trinityhealth wrote:

I was having the same issue, it turned out to be an issue with vpnike.dll. Ultimately the remote access connection manger service would not start. This hotfix from microsoft fixed the issue http://hotfixv4.microsoft.com/Windows%207/Windows%20Server2008%20R2%20SP1/sp2/Fix463202/7600/free/46...)

 

Can you point me to the KB article for that hotfix?  I couldn't seem to find it based on the Fix # or filename.  I'd like to know what the issue with the .dll is and what the hotfix does.  Thanks!

Asmyldz1
New Contributor

Hi Guys,

I solved problem. First you must open "Device Manger".

Second click network adapters.

Third look for "yellow cautions". Uninstall all have yellow caution adapters.

For uninstall you must look microsoft support site. 

This has solved problem. Have nice days.

 

Krish
New Contributor

I am facing the same issue, VPN not able to connect through FortiClient. I am using latest version 5.4.0.0780, windows 10 64bit. Any suggestions to resolve this would be highly appreciated. Please see the below log file

 

Thanks

 

1/22/2016 9:38:31 AM Debug VPN FortiSslvpn: 8244: fortissl_getstatus(1361) called 1/22/2016 9:38:31 AM Debug ESNAC dwSilentReg false 1/22/2016 9:38:31 AM Debug ESNAC bFirstKA true 1/22/2016 9:38:31 AM Debug ESNAC Start searching for FGT 1/22/2016 9:38:31 AM Debug AntiVirus Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F 1/22/2016 9:38:31 AM Debug ESNAC Searching Default GW 1/22/2016 9:38:33 AM Debug ESNAC Timeout in select in SocketConnect 1/22/2016 9:38:33 AM Debug ESNAC Socket connect failed 1/22/2016 9:38:33 AM Debug ESNAC 172.30.202.1:8013, Secondary - 0 1/22/2016 9:38:33 AM Debug ESNAC Searching Default GW 1/22/2016 9:38:33 AM Debug AntiVirus Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F 1/22/2016 9:38:33 AM Debug AntiVirus (repeated 1 times in last 0 sec) Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F 1/22/2016 9:38:34 AM Debug ESNAC Timeout in select in SocketConnect 1/22/2016 9:38:34 AM Debug ESNAC Socket connect failed 1/22/2016 9:38:34 AM Debug ESNAC 192.168.8.1:8013, Secondary - 0 1/22/2016 9:38:34 AM Debug ESNAC End searching for FGT 1/22/2016 9:38:34 AM Debug VPN FortiSslvpn: CSslvpnBase::RefreshConnection() Called. 1/22/2016 9:38:34 AM Debug AntiVirus Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F 1/22/2016 9:38:49 AM Debug AntiVirus (repeated 12 times in last 15 sec) Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F 1/22/2016 9:38:52 AM Debug ESNAC dwSilentReg false 1/22/2016 9:38:52 AM Debug ESNAC bFirstKA true 1/22/2016 9:38:52 AM Debug ESNAC Start searching for FGT 1/22/2016 9:38:52 AM Debug ESNAC Searching Default GW 1/22/2016 9:38:52 AM Debug AntiVirus Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F 1/22/2016 9:38:52 AM Debug AntiVirus (repeated 17 times in last 1 sec) Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F 1/22/2016 9:38:53 AM Debug ESNAC Timeout in select in SocketConnect 1/22/2016 9:38:53 AM Debug ESNAC Socket connect failed 1/22/2016 9:38:53 AM Debug ESNAC 172.30.202.1:8013, Secondary - 0 1/22/2016 9:38:53 AM Debug ESNAC Searching Default GW 1/22/2016 9:38:53 AM Debug AntiVirus Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F 1/22/2016 9:38:53 AM Debug AntiVirus (repeated 2 times in last 1 sec) Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F 1/22/2016 9:38:53 AM Debug ESNAC Timeout in select in SocketConnect 1/22/2016 9:38:53 AM Debug ESNAC Socket connect failed 1/22/2016 9:38:53 AM Debug ESNAC 192.168.8.1:8013, Secondary - 0 1/22/2016 9:38:53 AM Debug ESNAC End searching for FGT 1/22/2016 9:38:55 AM Debug AntiVirus Cannot send message to the driver(5476:1880). ErrorCode=0x0000001F

JordanAtParkRoadSolu

Hello Everyone,   I'm migrating over to Fortinet and ran accross this problem. I've listed a few possible solutions, the first of which worked for me (Windows 8.1 Pro).   Notes: All solutions below came from the following reddit thread. Fortinet now has a KB article that re-iterates my "option 3" below.       Option 1 (Worked For Me):   1) Open Network Connections  2) Note the “fortissl” connection will have the device message “Unavailable - device missing”  3) Open the properties for this connection  4) On the “General” tab: 

a. Uncheck the “Modem Removed – Unavailable device ()” device  b. Check the “ISDN channel - PPPoP WAN Adapter” device  c. Click the up arrow on the right to move the “ISDN channel - PPPoP WAN Adapter” to the top of the list  d. Set the phone number for the “ISDN channel - PPPoP WAN Adapter” to “1” (without the quotes) 

5) Click “OK” to close the “fortissl” properties  6) The “fortissl” connection should now appear gray with the device message “PPPoP WAN Adapter” and a status of “Disconnected”  7) You should now be able to successfully establish an SSL VPN connection   Option 2:

 

1) remove all fortigate instalations

2) run CCleaner to remove any remaining files and registry garbage.

3) Reboot

4) Reinstall the latest version of the forticlient. (latest not strictly needed for this)

5) it will still be broken.

6) Go to device manager

7) under network adapters, if you are having the same issue we are, you will see several miniports in a degraded state, with yellow error flags.

8) this is the important part for each one, you need to deliberately misconfigure it before removing it.

[ul]
  • Do this by selecting update driver software>browse locally>pick from my computer.
  • Uncheck the box that says "show compatible hardware" Point it at any of the microsoft generic network drivers. Literally any driver will do as long as it is wrong.
  • Once this applies (it will yell at you about not working) it will rename the miniport to whatever driver you selected.
  • At this point you can uninstall the device. Do this for every damaged miniport, and then reboot one more time.[/ul]

    "This did it for us in a recent occurrence of this situation." 

        Option 3: Repair Tool   For this particular issue, "version 1" and "version 2" of the tool is purported to work under different (undefined) circumstances. UpdateFortinet has written a KB article recommended procedures for the tool below.    https://www.vpnhosting.cz/index.php/clanky/wan-miniport-repair-tool-solve-vpn-and-dial-up-error-code...

     

  • greylander

    Hi,

    I seem to be experiencing this problem, or very similar problem. 

     

    Forticlient hangs at 98% while connecting.  But this only happen occasionally -- especially if the connect dropped for some reason and I try to connect again (possibly every time this happens).

     

    I am able to get Forticlient to connect if I reboot my machine.  So maybe this is not the identical problem discussed here.  Sometimes it gives the "You already have an open SSL VPN connection" warning, but not always. Either way, it stops at 98%, after a minute or so, it just clears the login fields of the forticlient window as if nothing had ever happened.

     

    Rebooting my machine "resets" something and makes connection possible.  But this is a frustrating workaround.  

     

    Is there a process or service I should be able to restart that would have the same effect as rebooting?

    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors