Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Gianluca_Caldi
New Contributor

Created on ‎03-08-2016 12:49 PM

FortiClient stuck at 98%

Hi All, since upgrading our 300C to FortiOS 5.2.6 we're experiencing problems (randomly) with incoming connection through FortiClient and FortiVPNSSL. The connection process goes well untill 98% and than stop without any error message or, in some other cases, connect and immediately disconnect.

 

The problem has been noticed on both Win7 and Win10 clients on different FGT models (300C, 300D and 400D), with different firmware (5.2.3 and 5.2.6) and different FortiClient versions (4.0.2300 and 4.0.2323).

 

Fortinet support provided a FortiClient version (4.3.5.0472) to be tested => no success; then a "fix" for a similar problem observed on Win8 (even if we don't use this) found at http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630 => no success.

 

It also happen often that, after a succesful connection, the client is not able to connet anymore using both che vpn client and the web access. Sometimes a restart fix the issue, sometimw a vpn client reinstall fix the issue, sometimes nothing of these have effect...

 

What really make me think about some bug or, at least, some communication issue between the vpn client and the FGT is taht a restart of the process vpnssld on the FGTsolve temporarely the issue and everything start working as expected... until the problem show up again after a couple of days. It looks like some "communication" issue cause the vpn deamon to "hang" for that particular user (while others are able to connect in the meanwhile).

 

Did anyone experienced such an issue?

 

Thanks in advance

Bye

GC

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

FGT: 50E,100D, 200D, 600DFMG: VM64 FAZ: VM64
81805
0 Kudos
27 REPLIES 27
jklems
New Contributor
In response to henry_mwangi

Created on ‎08-14-2017 03:36 PM

We setup both SSL VPN profile and and IPSec tunnels available on our 500d, and have had users connect via the IPSec vpn profile as a workaround for Hotels, planes, hotspots, etc. we run forticlient 5.4 and 5.6 on a fortigate 5.4 (soon to be updating to 5.6).

3746
0 Kudos
matheusslg
New Contributor
In response to jklems

Created on ‎08-08-2018 06:13 AM

Hey, I found a "solution"!

 

First of all, that's not a definitive solution, but works.

When you logon on VPN, your client will stuck on 98%, then, you'll open your Task Manager (Ctrl + Shift + ESC) and then you will search for "Network Command Shell" process. This is the process that make the computer crash, consuming a lot of memory ram. You'll need to end this process some times (3 times), every time that you kill this process, he's gonna back, but don't worry, at the third time (maybe fourth), your client will "unstuck" from 98% and you'll be connected 100%.

 

That's it for now! Thanks (sorry my English, I'm from Brazil) 

3746
0 Kudos
Gianluca_Caldi
New Contributor

Created on ‎03-21-2016 09:31 AM

Hey guys,

uninstalling-rebooting-reinstalling is not a solution! t's just some temporary workaround that fix the issue until it happen the next time. You got the same by killing the vpnssld on the affected FGT or following the instructions from fortinet here http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630 but..

 

..as Fortinet confirmed that this is a bug (someone read the messages?) the only way for a solution is to get an (hopefully) working client which address the problem.

 

I got in PM lot of people having the same issue on 300C, 100D and some other models so it don't make sense to try solving this working on the single client..

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

FGT: 50E,100D, 200D, 600DFMG: VM64 FAZ: VM64
3746
0 Kudos
kolawale_FTNT
Staff
Staff

Created on ‎03-21-2016 09:56 AM

On Windows 8.1 (or 2012 R2), the following Microsoft Software Hotfix may be helpful:

 

    VPN gateway becomes unresponsive and a connection can't be established ...

 

On Windows 10, you may contact Fortinet Support to try the latest FortiClient 5.4 interim build,

 

The FortiClient version or build installed in a managed environment can be controlled by using the EMS.

3746
0 Kudos
bartman10
Contributor
In response to kolawale_FTNT

Created on ‎03-21-2016 10:19 AM

Oh really Kolawale.. where did you get this info to contact Fortinet Support as they seem to have no idea what I'm talking about when I contacted them and had me install FortiClientSetup_5.2.5.0658_x64.exe. 

This "fixed" the issue because like we've said before reinstalling the client seems to fix it for a bit.

See case #1674111

 

 

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track. Over 100 WiFi AP's and growing. FAZ-200D FAC-VM 2 node cluster Friends don't let friends FWF!
3746
0 Kudos
kolawale_FTNT
Staff
Staff

Created on ‎03-22-2016 08:45 PM

Consider requesting for a 5.4 interim build from Fortinet Support.

3746
0 Kudos
Gianluca_Caldi
New Contributor

Created on ‎04-07-2016 08:29 AM

Hi All,

just as an update..

 

..after several "interim" versions provided by Fortinet the problem persist. Moreover it was now noted on some "D" series models so my hope that ths was just some incompatibility with the 300C and 5.2.6 just crashed.

 

So no good news this time...

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

FGT: 50E,100D, 200D, 600DFMG: VM64 FAZ: VM64
3746
0 Kudos
foshejh
New Contributor
In response to Gianluca_Caldi

Created on ‎04-28-2016 04:22 PM

Gianluca,

  Just checking to see if you have had any luck resolving this issue.  We have recently started having this same issue with a new Windows 10 computer.  We are running a FG60D with V5.2.3 and FortiClient with v5.4.0.0780.  Getting stuck at 98% every time.  We uninstalled and reinstalled the FortiClient on the Windows 10 machine today, and it worked for a few minutes.  Now, it is failing again at 98%.  Thanks!

 

 

Thanks,

 

-foshejh

3746
0 Kudos
Gianluca_Caldi
New Contributor
In response to foshejh

Created on ‎04-28-2016 11:52 PM

Hi foshejh,

 

last week we moved from our old 300C powered by 5.2.6 to a new 600D running 5.2.7 and the problem, so far, seems to be resolved by himself. Fortinet support say that the issue is 100% due to some conflict on the client machine but, in my opinion, this is not true because: 1) everything start working fine again (for a while) just killing the sslvpn deamon on the FGT and 2) the problem now just disappeared and the clients are exactly the same.

I got the idea that the issue lie somewhere in a bad combination between hardware model and FGT firmware version but my ticket is still open (for almost 3 months now...) and the cause is still to be found.

 

Bottom line of this: if I were you I'd give a try to 5.2.7 just to check if some "hidden" bug as been corrected too. In the change log of this firmware version you'll find some reference to vpn issue and, even if Fortinet support says that the 98% issue is not related, something seems to work definitely better.

 

Hope not having talked too early...

 

Bye

Gianluca

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

FGT: 50E,100D, 200D, 600DFMG: VM64 FAZ: VM64
3746
0 Kudos
foshejh
New Contributor
In response to Gianluca_Caldi

Created on ‎04-29-2016 06:13 AM

Gianluca,

  Thank you very much for your reply above!  We will try to update to 5.2.7 in the coming days and will report back our findings asap!  Thanks again, and I hope you have a great week!

 

 

-foshejh

3746
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.