VPN Client stuck at 40% with certificate error

2024-11-25

Hi cchiriches,

The log was set to Debug, but so far I have not seen any difference in the log output from Debug, Info, or any of the other options.

So far, I've observed the issue on:

FortiClient VPN Only 6.4 (free)

FortiClient VPN Only 7.0.1.0083 (free)

FortiClient ZTFA 7.0.1.0083 (trial)

The behavior for all 3 is identical. Get to 40%, sit for a longish while (~60 sec, which is much longer than a typical fail) and then give up with the "The server you want to connect to requests identification" message. I'm still working on getting the credentials for our FortiGate server from IT (it's a convoluted process, but they promised they would and I've got the CTO's backing), so I'm not 100% on what our license there covers.

I’m not sure I know what FOS is (too many TLAs to keep track of :). If you are asking about OS, the client is on Windows 8.1.

I did confirm my TLS / SSL works for multiple browsers on my PC (at least TLS 1.2) at the SSLLabs site: clienttest.ssllabs.com:8443/ssltest/viewMyClient.html (let me know if you have a different one I should use). I have tried to VPN to two sites within our company with the same results, but I have not found an open 3rd party VPN to try to access. But since the same credentials work on ~6 other machines, including 2 personal PCs, one with a fresh install of the FortiClient, I think it is safe to say the issue is on my local PC.

What’s bizarre is I’ve been using this PC and FortiClient for ~5 years, no major issues. Sometime between Wednesday night when I logged off and Thursday (11/18) morning, this issue arose. Nothing new installed. Logs say Teams and Zoom did an update overnight, but nothing else interesting seems to have happened.

Last night, I did generate a report using the “Diagnostics Tool” while it observed me trying to connect. If you want, I can share that with you. It's smallish (1MB) but it has some sensitive info (IP address, credentials, etc.), so I’d rather not post it openly. Can you suggest a way I can send this to you, like email?

I’m also happy to run the diag commands you listed, but I don’t see how to enable them. Are they on the FortiGate side? Or is there a hidden switch someplace?

Also, I’m not sure if it is helpful, but I broke out WireShark to look at the packets. I can see the Client saying Hello, Server saying Hello, Server sending a Certificate and the Server saying “Hello Done” and sending a SHA256 key to the client. The Client then FINishes the TCP connection. The client then seems to repeat the sequence, starting over from Hello two more times (which is consistent with the 3x Microsoft Logs errors). Because it is the local side that initiates the TCP termination, I gather the FortiClient is not happy about something. Maybe it is rejecting the certificate / key offered by the Server? Any insight there?

Thanks,

John