Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: Windows updates fails with enabled Forticlient
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Windows updates fails with enabled Forticlient
Since last week we experiencing a lot of problems with Windows updates (mostly Windows 11, but there was one Windows 10 among them as well), specifically KB5040442. On about 10% of our Windows clients the update would start and go until 96% and stay there for 10-60 minutes, and then after a restart Windows would tell us that something did go wrong and it would reverse the update. This would require multiple restarts and anything in the order of 2-10h. The usual information sources did not reveal anything unusual with this update round, so it had to be some uncommon conditions here.
When Windows was back online, it would sometimes (!) show an error code 0x800f0922, oftenly nothing, and on next restart it would try to install it again (and our employees losing again 4-10h with a working computer). First remedy, as described in the error code was to increase the size of the recovery partition to at least 250MB, but that helped only on one computer. No other things related to the code did apply to us or help. DISM and SFC sometimes would find something, but did not help in fixing the issues with the update. Over time some of the computers randomly succeeded in installing the update.
Last straw I had was to disable and uninstall Forticlient. And with that so far all of the clients went through the update without a hitch. Now I am anxious that it will return with the next update when I reinstall Forticlient. In retrospective, two computers had some troubles with some previous updates, but we re-installed Windows on them. Both were also affected this time.
What should be do and how can we prevent that from happening again? Is there anything to further debug and diagnose this issue?
For your reference we use Forticlient 7.2.4.0972 with EMS, and a Fortigate 200F as main firewalls. We have the web filter, AV and real-time protection enabled, as well as Anti-malware, Anti-Exploit and Cloud-base malware protection.
Thank you in advance for your help.
Regards,
Markus
Labels:
- Labels:
-
FortiClient EMS
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
- « Previous
-
- 1
- 2
- Next »
19 REPLIES 19
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Arahman, thanks for the reply.
But I think the link you gave (vpn stops working after windows update) doesn't seem to be related to the issue in this thread (windows update fails or takes too long).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello arahman,
I am a colleague of MarkusKoehler. Our problem does not seem to be related to the VPN. Both in-house clients (on-fabric, SSL VPN off) and clients connected via VPN have the problem.
The problem still persists with Windows 11 24H2 and FortiClient 7.2.5. One of our computers tried to install the October cumulative update four times without success and rolled back for two hours on a Dell Vostro with i7, 16GB and SSD. After disabling FortiClient Malware Protection completely via EMS, updates installed smooth within five minutes. This happened yesterday.
Support already had a look on the issue (see Ticket #9947946) and got detailed debug logs from us. They advised us to disable cloud protection in the forti client, without any success as it seems.
The situation is very frustrating for our users and even causes some damage, since a rollback usually takes at least one hour and the machine is not usable in that time, if we are not reachable to disable FortiClient. If you have any further information or instructions for troubleshooting, please let us know. I will try to grab the Windows update error code from the machine as soon as I can get my hands on it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's still plaguing us as well. Moving the machine to a profile in EMS that doesn't "do" as much does seem to help, although that's not addressing the root cause. There was a bug listed in forticlient 7.4 (bug id 1022885 "Forticlient causes bootup delay on Windows 10 and 11) in New known issues but no mention of it on the 7.4.1 known issues or new issues document. I also note the MS release health issue WI893288 which may be related. Have you reviewed your CBS.log?
I'm updating Microsoft Visual c++ 2015 2022 redistributable to the latest version as well for good measure, as the version of the 2017 redistributable that is included in the FortiClientTools zip file is older than the one in the latest Microsoft Visual c++ 2015 2022 redistributable update.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I also found this topic which sounds similar Forticlient slowing down Windows 11 update 24h2 - Fortinet Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the tip with the CBS log. Due to the size of the logs, I had it analyzed by ChatGPT. All it found was a collision of some registry values:
2024-11-06 09:17:28, Info CSI 0000005c Warning: Overlap: Registry value collision found under key \\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Record\\{9E5C3C99-D046-3FE5-9921-21CF0F0A08FF}\\4.0.0.0\\ for Assembly, only one component should set this value
2024-11-06 09:17:28, Info CSI 0000005f Warning: Overlap: Registry value collision found under key \\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Record\\{9E5C3C99-D046-3FE5-9921-21CF0F0A08FF}\\4.0.0.0\\ for RuntimeVersion, only one component should set this value
2024-11-06 09:17:28, Info CSI 00000062 Warning: Overlap: Registry value collision found under key \\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Record\\{9E5C3C99-D046-3FE5-9921-21CF0F0A08FF}\\4.0.0.0\\ for Class, only one component should set this value
2024-11-06 09:17:28, Info CSI 00000065 Warning: Overlap: Registry value collision found under key \\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Record\\{8CF0278D-D0AD-307D-BE63-A785432E3FDF}\\4.0.0.0\\ for RuntimeVersion, only one component should set this value
2024-11-06 09:17:28, Info CSI 00000068 Warning: Overlap: Registry value collision found under key \\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Record\\{8CF0278D-D0AD-307D-BE63-A785432E3FDF}\\4.0.0.0\\ for Assembly, only one component should set this value
According to ChatGPT, this key might be controlling access to the clipboard for .NET applications. Seems a little bit odd to me that this is crashing a Windows Update with FortiClient on.
Good news is, we have a client that fails reproducible when FCT is on. I sent the logfiles of the FCT to the support. Lets see what they figure out.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply. I can also confirm we are also seeing the same issue on the November update too.
I also see many (hundreds) value collision entries in my cbs.log files. Maybe we are using similar software or hardware. You can DM me if you want and maybe we can talk in more detail.
Great news that's you've got a client to test on, can't wait for this to be put to bed. Would you mind sharing your ticket number so I can also raise my own and ask them to reference yours?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good morning VinceMoon,
our first ticket on the issue was 9947946 from Sep/Oct, but that one is closed after Fortinet concluded to turn off cloud protection and retry. Unfortunately, that didn't help. The recent ticket is 10076718, Fortinet is analyzing the logs right now.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are also facing this issue and I know of one other company with the same symptoms. Our last Fortinet case was dragging on for too long and it was hard to reproduce on demand so it was closed. I hope you have better luck and would love to know the root cause. I personally don't have a good experience with Forticlient.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good morning IHaveAProblem and VinceMoon,
the Forti support just responded us and they have no idea what might cause the issues. No obvious hints in the debug logs. We shall try FCT 7.2.6 and asked if some Sophos products are installed. If 7.2.6 won't help, they want to involve the dev team.
Beside that, we figured that it seemed to help when you disable all network traffic related components. In our case, this was web filter, video filter, sandbox and firewall. Maybe you could try this on the upcoming patchday.
Regards
Arne
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
the issue was reported to the engineering team today using the details from the original reporter "Markus Koehler" and the TAC ticket that was created for the same issue within TAC EMEA Team.
regards
Peter
- « Previous
-
- 1
- 2
- Next »
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,738 -
FortiClient
1,775 -
5.2
801 -
FortiManager
736 -
5.4
639 -
FortiAnalyzer
562 -
FortiSwitch
476 -
FortiAP
474 -
FortiClient EMS
436 -
6.0
416 -
5.6
362 -
FortiMail
320 -
6.2
251 -
SSL-VPN
248 -
FortiAuthenticator v5.5
234 -
IPsec
212 -
FortiWeb
206 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
117 -
FortiAuthenticator
105 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
84 -
Customer Service
80 -
Wireless Controller
80 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
52 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
44 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
39 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiGate-VM
18 -
FortiMonitor
18 -
Traffic shaping
17 -
SSID
16 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSoar
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1732 | |
| 1106 | |
| 752 | |
| 447 | |
| 240 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.