- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- VPN stuck at status 98%
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VPN stuck at status 98%
We are running Windows Server 2012 R2. We have installed the most recent FortiNet client (vpn only), version 5.2.0.0591. We have configured an SSL-VPN connection. When we click on the " connect" button, the status progresses all the way to 98% and then hangs. We have disabled the windows firewall, do not have any anti virus software installed, no group policies are being applied, and no other applications are running when we attempt to make the VPN connection. Thanks for helping!
Solved! Go to Solution.
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I just fix it by apply this fix and re-install fortigate client.
https://skydrive.live.com/redir?resid=86BDD34D41D3E179!2065&authkey=!AAeyjPB4O4uVxek
You may find the detail from this forums. Hope this could help you all. Thanks.
https://supportforums.cisco.com/discussion/11682811/anyconnect-msi-installation-failed-windows-7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I seem to be experiencing this problem, or very similar problem.
Forticlient hangs at 98% while connecting. But this only happen occasionally -- especially if the connect dropped for some reason and I try to connect again (possibly every time this happens).
I am able to get Forticlient to connect if I reboot my machine. So maybe this is not the identical problem discussed here. Sometimes it gives the "You already have an open SSL VPN connection" warning, but not always. Either way, it stops at 98%, after a minute or so, it just clears the login fields of the forticlient window as if nothing had ever happened.
Rebooting my machine "resets" something and makes connection possible. But this is a frustrating workaround.
Is there a process or service I should be able to restart that would have the same effect as rebooting?
101 REPLIES 101
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
we're facing the same Issue with FortiClient 5.4.1.0840.
Additional to that - sometimes we get connected and after that alle network drivers crash down.
Windows 10 Ver. 1607
A reboot helps for max. 1 hour - then the same things happen again.
Firewall is also shut down, same as Win Defender - we're Using Avira AntiVir.
Regards
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sounds like server end problem, did you try with update?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The 98% bug has been solved in the Forticlient 5.6.x release (new VPN driver)
FortiAnalyzer / 6.4.0
FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
FortiAnalyzer / 6.4.0
FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E /
100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am using version 5.6.2.1117 and am receiving the 98% error.
I ran the diagnostic tool and have this from the FCDiagData\VPN folder in the generated .cab file (this seems to be the most useful of the files):
Information VPN FortiSslvpn: 11156: fortissl_connect: device=ftvnic Error VPN FortiSslvpn: 4652: error: ssl_connect Error VPN FortiSslvpn: 4652: tunnel_to_fgt error Error VPN FortiSslvpn: 220: error: ras_loop(), waitResult=1. Information VPN Unable to establish the VPN connection.(E=98,T-981066010,M99,R10)
I've tried some of the suggested items - disable ipv6, virtualbox connectors - worked one time but never after the first time - even with reboot/shutdown-reboot/enable-disable these connectors/yadda-yadda-yadda...
Any/all suggestions are greatly appreciated.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Solution in post #65 works perfectly fine.
Why not do it & stop moaning?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Solved! Solved! Solved!
I have discovered what is happening!!!
When we install FortiClient again, it creates a new ISDN Channel, but it doesn't check this new ISDN Channel.
So we should to check it.
See:
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi everyone, we recently resolved an issue very similar to this with assistance from Fortinet Support.
In our case, the cause was an invalid/unresolvable FQDN Address Object that was referenced by the SSL-VPN Firewall Policy, which in turn caused the connection to fail.
After enabling additional debugging on the FortiGate, we could see the following in the logs (some parts obfuscated):
2019-01-31 16:19:41 [217:root:521]form_ipv4_split_tunnel_addr:1503 Matched policy (id = 87) to add split tunnel routing address
2019-01-31 16:19:41 [217:root:521]form_ipv4_split_tunnel_addr:1503 Matched policy (id = 74) to add split tunnel routing address
2019-01-31 16:19:41 [217:root:521]dns_query():196 tried 1 host.local.
2019-01-31 16:19:41 [217:root:521]dns_on_read():106 get invalid response.
2019-01-31 16:19:47 [217:root:521]dns_query():196 tried 2 host.local.
2019-01-31 16:19:47 [217:root:521]dns_on_read():106 get invalid response.
2019-01-31 16:19:53 [217:root:521]dns_query():196 tried 3 host.local.
2019-01-31 16:19:53 [217:root:521]dns_on_read():106 get invalid response.
2019-01-31 16:19:59 [217:root:521]dns_query():196 tried 4 host.local.
2019-01-31 16:19:59 [217:root:521]dns_on_read():106 get invalid response.
2019-01-31 16:20:05 [217:root:521]dns timeout
2019-01-31 16:20:05 [217:root:521]form_ipv4_split_tunnel_addr:1503 Matched policy (id = 74) to add split tunnel routing address
2019-01-31 16:20:11 [217:root:0]sslvpn_internal_remove_one_web_session:2668 web session (root:<username>::<remote IP address>:0 1) removed for tunnel connection setup timeout for SSLVPN Client
2019-01-31 16:20:11 [217:root:0]sslvpn_internal_remove_apsession_by_idx:2241 free app session, idx[0]
2019-01-31 16:20:11 [217:root:521]rmt_check_conn_session:1962 delete connection 0x7f9f5ad14400 w/ web session 0
2019-01-31 16:20:11 [217:root:521]Destroy sconn 0x7f9f5ad14400, connSize=0. (root)
The debug commands used were:
dia debug console timestamp enable
dia debug app sslvpn -1
dia debug app fnbamd -1
dia debug enable
The FortiClient version was 6.0.4.0182, and FortiOS version 5.6.4.
After removing the invalid Address Object from the Policy we were able to establish an SSL-VPN connection, hopefully this helps someone else.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is a Known Issues. The issues was fixed. Please try to use FortiClient 5.6.x.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
there was something in a ssl troubleshooting cookbook related to timeouts:
config vpn ssl settings set login-timeout 180 (default is 30) set dtls-hello-timeout 60 (default is 10)
is worth a try :)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just solved on Win10x64Ent, FortiClient 6.0.9
Set Settings->VPN Options->Preferred DTLS Tunnel checked, and voila.
Related Posts
Labels
-
FortiGate
6,764 -
FortiClient
1,345 -
5.2
801 -
5.4
639 -
FortiManager
580 -
FortiAnalyzer
425 -
6.0
416 -
5.6
362 -
FortiSwitch
347 -
FortiAP
346 -
FortiClient EMS
274 -
FortiMail
263 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
160 -
6.4
128 -
FortiNAC
110 -
FortiGuard
108 -
FortiSIEM
91 -
FortiGateCloud
88 -
IPsec
87 -
FortiCloud Products
85 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
69 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
44 -
FortiEDR
41 -
Fortivoice
41 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
33 -
SD-WAN
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
High Availability
24 -
FortiConnect
24 -
VLAN
23 -
FortiAuthenticator
22 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
SAML
15 -
FortiMonitor
14 -
BGP
14 -
DNS
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
FortiDDoS
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
Authentication
9 -
SSL SSH inspection
9 -
Traffic shaping
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
FortiSOAR
8 -
SSO
8 -
Application control
8 -
RMA Information and Announcements
7 -
FortiAnalyzer v5.0
7 -
Fortigate Cloud
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
Web application firewall profile
5 -
FortiTester
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.