FortiClient stuck at 98%

Gianluca_Caldi · ‎03-08-2016

Hi All, since upgrading our 300C to FortiOS 5.2.6 we're experiencing problems (randomly) with incoming connection through FortiClient and FortiVPNSSL. The connection process goes well untill 98% and than stop without any error message or, in some other cases, connect and immediately disconnect.

The problem has been noticed on both Win7 and Win10 clients on different FGT models (300C, 300D and 400D), with different firmware (5.2.3 and 5.2.6) and different FortiClient versions (4.0.2300 and 4.0.2323).

Fortinet support provided a FortiClient version (4.3.5.0472) to be tested => no success; then a "fix" for a similar problem observed on Win8 (even if we don't use this) found at http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630 => no success.

It also happen often that, after a succesful connection, the client is not able to connet anymore using both che vpn client and the web access. Sometimes a restart fix the issue, sometimw a vpn client reinstall fix the issue, sometimes nothing of these have effect...

What really make me think about some bug or, at least, some communication issue between the vpn client and the FGT is taht a restart of the process vpnssld on the FGTsolve temporarely the issue and everything start working as expected... until the problem show up again after a couple of days. It looks like some "communication" issue cause the vpn deamon to "hang" for that particular user (while others are able to connect in the meanwhile).

Did anyone experienced such an issue?

Thanks in advance

Bye

GC

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

bartman10 · ‎03-14-2016

Exact same issue. 300c upgraded to 5.2.6. VPN 98% then back to user/pass prompt. Using fortiauth and tokens but same issue.

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!

Gianluca_Caldi · ‎03-14-2016

Hi,

after a long ping-pong with Fortinet L1 support we got escalated to L2 and got noticed that this is "known issue" (bug ID 0232764). We got an "intermin" FortiClient version to test as it looks the problem in on the client side (but I've nio further details). I'll you posted.

Bye

Gianluca

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

Gianluca_Caldi · ‎03-23-2016

Hi All,

just to infor you that we got notified by Fortinet that the "interim" client provided seems to have issues with Win7 thus is suitable for testing only on Win10 machines. After some testing we still got the issue on several Win7 client machines (but we've really few Win10 installations up to now). This thing is really getting weirder by the time...

Bye

Gianluca

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

henry_mwangi · ‎03-18-2016

I too have the same problem with FG 100D. How do we beat around this ?

Gianluca_Caldi · ‎03-21-2016

Hi Henry,

no workaround that I know about. As I wrote we're testing a new "beta" claint that should address the issue. As for now it seems to work good but need some more testing to be sure that there's no any unlikey side effect...

Bye

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

Nils · ‎03-21-2016

I've been struggling with this.

The solution for us is to uninstall the client, restart the computer and then install the client again.

Gianluca_Caldi · ‎03-21-2016

Sadly to say, this sometimes work, sometimes don't...

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

SecurityPlus · ‎03-21-2016

We have a customer with a 60D that had this occur on a Windows 10 computer starting on Saturday. No recent firewall updates have been made that I can think of. Just out of the blue started to lock up at 98%. Is the uninstall of FortiClient, reboot of the PC, and reinstall of FortiClient the best/only solution?

bartman10 · ‎03-21-2016

In my ticket, #1674111, the guy just gave me a copy of FortiClientSetup_5.2.5.0658_x64.exe and said try that. I had 2 of my PC techs who where having the problem almost 100% of the time with Win10 try it and they said it works.

This is odd because there is nothing special about this version and seeing as how version 5.4 is the latest version you'd think it would work. There is also no mention of what versions of FortiGate are compatible with what versions of FortiClient... and in a non-licensed environment the clients get updates from the internet and I can't control what version they run it makes me wonder how to prevent this.

So does 5.4 have issues with Win10? Who knows.

I really wish Fortinet would offer the same thing as Cisco ASA Secrutiy+ bundle. In this bundle for the ASA you get unlimited Cisco AnyConnect clients that are all controlled and upgraded from the ASA. On the Fortinet side I need to pay a full license for FortiClient even though I'm only interested in the SSL VPN part.

I'd happily pay some kind of reduced rate for FortiClient SSL VPN only or something like that. Are you listening Fortinet? I'm giving you pearls here.

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!