Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Asad_Khan
New Contributor

Forticlient sslvpn stucks at 98%

I have this problem with few remote users of my company. But its very urgent to give him sslvpn access to have work from remote location any time. But when they try to connect forticlient sslvp stop at 98% & disconnect. I have tried uninstalling & reinstalling application, also tried different versions, disabled windows firewall, antivirus and unchecked IPV6 but still no luck. Please tell me the correct solution. I am sick of thisissue.

asad khan

asad khan
1 Solution
bikash_Shaw
New Contributor III

Hello,

 

Can you please show us the SSL VPN configuration.

 

Regards

Bikash

View solution in original post

11 REPLIES 11
bikash_Shaw
New Contributor III

Hello,

 

Can you please show us the SSL VPN configuration.

 

Regards

Bikash

rickards
New Contributor

Hello

 

This usually depending on antivirus or host firewall on the client side, have you tried to reinstall Forticlient ?

CorneJvV
New Contributor

Are you running McAfee HIPS by any chance ?

I had an issue with similar symptoms and it was due to HIPS. 

FCNSA FortiGate 60C, 110C, 200B, 310B FortiAnalyzer 100C FortiMail 100 FortiManager 100
FCNSA FortiGate 60C, 110C, 200B, 310B FortiAnalyzer 100C FortiMail 100 FortiManager 100
Asad_Khan
New Contributor

Dear All thanks for yours suggestions,

The Configuration is perfect. I have many other users also, for which the same configuration is working fine. IPsec Client is working fine for the same user. But only the problem is with sslvpn. Actually it is remote user(consultant), and he has Antivirus "kaspersky" in his laptop. And weird thing is that it was working fine for last couple of days, before this.

 

Even i have discussed with Fortinet TAC also, but i haven't find the right solution untill now.

asad khan

asad khan
nathan_emerson
New Contributor

I am sure you have already looked at this but just in case it is helpful I have found that in all cases when our VPN's have issues at 98% it is username and password related.

 

Asad_Khan
New Contributor

Hi nathan.emerson,

I am very used to Foritclient application. When you have a username or password issue, it will stuck at 80% mostly, and you will get an error message i.e. unable to login to server....... and the error code/number is (-12). So which is something very clear.

Also i am sure that 98% error are totally related to End user (client machine). But i am unable to find the correct cause and solution for this on client pc.

Thanks

asad khan

asad khan
Dave_Hall
Honored Contributor

asad.khan1 wrote:

Also i am sure that 98% error are totally related to End user (client machine). But i am unable to find the correct cause and solution for this on client pc.

When our company moved from Windows XP to Windows 7, our in-house apps (including some off the shelf software) broke.  In those cases we used Process Monitor to troubleshoot/debug those applications.  (Mind you, we have been using Process Monitor long before Windows 7 came along since our company uses a custom software packager to deploy apps company-wide, and sometimes had to be debugged.)  In about 70% of the time apps that didn't work on Windows 7 was due to a user read/write permissions to the %root%\temp\ folder or path to programs folder location was wrong. 

 

While Process Monitor may or may not be something you'll want to try, here are some other suggestions: 

- switch users on the laptop and see if sslvpn works (possible corrupted user profile)

- create a new user profile

- try a different username/password

- try same username/password from another computer/laptop.

 

BTW it was Process Monitor that clued me in to the ghost network interfaces issue with the forticlient.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
nathan_emerson

asad.khan1 wrote:

Hi nathan.emerson,

I am very used to Foritclient application. When you have a username or password issue, it will stuck at 80% mostly, and you will get an error message i.e. unable to login to server....... and the error code/number is (-12). So which is something very clear.

Also i am sure that 98% error are totally related to End user (client machine). But i am unable to find the correct cause and solution for this on client pc.

Thanks

Sorry Asad, to be more specific in my case and in most occurrences of issues at 98% it has been the user AD account not being a member of the VPN users group configured in NPS or a miss-configuration in NPS for a group. 

 

Cheers,

 

Nathan

cpeon
New Contributor

Hello,

 

I have the same issue and the problem is at the client machine. In my case, the client machine is a Windows Server 2012.

 

If I try with the same user in my W7 desktop it works fine.

 

I've checked the post about the ghost Interfaces and I have removed the Interface empty but it doesn't works.

 

Some Idea?

 

Thanks.

 

Carlos

Carlos Peon
Carlos Peon
Labels
Top Kudoed Authors