Fortigate SSLVPN Immediately Disconnects / hangs at 98%

  • Question

  • This issue has hit two machines running Windows 8.1 x64 with all updates as of Monday.

    When dialing into the VPN on a specific machine, it either hangs at 98% for a long time and then fails, or it says “connected” and then immediately “disconnected.”

    When it does this, event viewer logs error 633 or error 631 (it seems to toggle between the two) and error 720.

    These are known good credentials, and I have used other known good credentials of my own. I have also used this user’s credentials on my own computer and it works just fine, so the issue is with the computer, not with the user account.

    I can ping both the DNS name of the firewall and the IP.

    We have several firewalls of Fortigate’s, ranging from a 50D to an 80D. All present the same behavior, and they are over a range of firmware versions. This leads me to suspect the issue is with the computer, not the firewall or its configuration. It should also be noted that some 100 other users running on 7 and 8 have no issues with this connection.

    One of the computers was local, and due to the urgency of that user’s situation, we ended up nuking and paving the computer, which fixed the issue. While it is good to know this fixes it, I do not want to rampage around nuking machines just because the VPN won't connect.

    On computers with this issue, if you go to device manager, you can see in the network devices there are several “WAN Miniports” and most of them have errors where the system could not load the drivers.

    If you look at the settings of the adapter in network and sharing center, you can see that the properties of the fortissl is “ISDN Channel Disconnected PPoP WAN Adapter”

    As per advice on this forum (I am not allowed to post links. I assure you I am not a spammer. forum.fortinetDOTcom/tm.aspx?m=99307 ) I have removed and reinstalled. I have verified the credentials, and I have disabled IPv6. No change.

    As per this post here ( social.technet.microsoftDOTcom/Forums/windows/en-US/e6e8ada8-bc12-4f6f-8de3-1d3fd2ff4931/kb2585542-security-update-causing-ssl-vpn-issues  ) I checked for this update. It was not installed. Also as per comments on the same thread, I disabled TLS 1.0 and rebooted with no change.

    I contacted Fortigate Support. I ended up being escalated to the highest level of support engineer. At each step, they tried removing the software, resetting the TCP stack, and reinstalling. Then they would use a special tool to fully remove the Fortigate software, and once again resetting the TCP stack and reinstalling. From there they tried newer and older versions of the software. All no change.

    They provided me with a tool called "WAN Miniport repair v2 x64", which I had already come across trawling forums. It removes all miniports completely so that you can reinstall them. This yielded no fruit both when I did it, and when the tech did it.

    The final senior engineer enabled some tracing, and generated a log that can be seen here ( pastebinDOTcom/raw.php?i=Z4b8mUqh ) He mentioned this line right towards the bottom:

    [4840] 02-05 13:43:37:298: Will not initialize CP 8021

    He told me that this means the issue is that the PPP device is not properly binding to the TCP stack. I was informed that this is a known issue, and that the problem is on the side of Microsoft.

    That was the end of the support call with Fortigate.

    Other Notes: The computer is running the latest networking drivers as of this morning, straight from Dell's site.

    I will fetch any information you need from me. Thank you in advance for anything you can provide.

    Thursday, 05 February 2015 22:58
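
A read-only triage for the symptoms described in the question (WAN Miniport devices that fail to load their drivers, together with RAS errors 631, 633 and 720), as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later and that dial failures are recorded by the RasClient provider in the Application log; the error-code match on the event message is a heuristic.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the machine.
# Assumptions: PowerShell 3.0+, RAS dial failures logged by the RasClient
# provider in the Application log (heuristic match on the message text).

# Symbolic names (raserror.h) for the three error codes reported in the question.
$rasErrors = @{
    631 = 'ERROR_USER_DISCONNECTION'
    633 = 'ERROR_PORT_NOT_AVAILABLE'
    720 = 'ERROR_PPP_NO_PROTOCOLS_CONFIGURED'
}

# 1. WAN Miniport devices and their Device Manager problem code (0 = working).
$miniports = @(Get-CimInstance -ClassName Win32_PnPEntity -Filter "Name LIKE 'WAN Miniport%'")
$broken    = @($miniports | Where-Object { $_.ConfigManagerErrorCode -ne 0 })

# 2. RasClient events from the last 7 days that mention one of those codes.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'RasClient'
    StartTime    = (Get-Date).AddDays(-7)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$hits = @(foreach ($e in $events) {
    if ($e.Message -match '\b(631|633|720)\b') {
        $code = [int]$Matches[1]
        [pscustomobject]@{
            Time    = $e.TimeCreated
            EventId = $e.Id
            Code    = $code
            Name    = $rasErrors[$code]
        }
    }
})

# 3. Report: device state first, then the error history.
$miniports | Sort-Object Name |
    Format-Table Name, Status, ConfigManagerErrorCode -AutoSize
$hits | Group-Object Code, Name |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

if ($broken.Count -gt 0 -and ($hits | Where-Object { $_.Code -eq 720 })) {
    Write-Output ("{0} of {1} WAN Miniport devices report a problem code and error 720 was logged: the pattern described in this thread." -f $broken.Count, $miniports.Count)
} else {
    Write-Output "Miniport state and RAS errors do not match the pattern described in this thread."
}
```

Running it before and after each repair attempt (stack reset, miniport repair tool, client reinstall) shows whether the miniport problem codes actually cleared.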

Answer

  • We ended up Nuking and Paving, which fixed the issue. 

    If anyone finds this thread years from now, I put quite a bit of research into this, and it looks like your best / only bet if you have already tried the steps above. 

    • Marked as answer by CASE Forensics Monday, 09 February 2015 23:32
    Monday, 09 February 2015 23:32

All replies

  • Hi,

    The final senior engineer enabled some tracing, and generated a log that can be seen here ( pastebinDOTcom/raw.php?i=Z4b8mUqh ) He mentioned this line right towards the bottom:

    [4840] 02-05 13:43:37:298: Will not initialize CP 8021

    He told me that this means the issue is that the PPP device is not properly binding to the TCP stack. I was informed that this is a known issue, and that the problem is on the side of Microsoft.

    Since we cannot find the log file, it is hard to say who is the culprit. Please upload the log into OneDrive and share the link here.

    So far, on the Windows side, have you tried the Microsoft built-in VPN as a test?

    Please disable your Firewall, check and install all available Windows updates and then run these commands:

    netsh int ip reset resetlog.txt

    netsh winsock reset

    After that, restart your computer and check the result.

    Meanwhile, this article could serve as a reference:

    If it's not helpful, since you have tried too many methods, back up all your personal files and reset your installation to have a try.


    Karen Hu
    TechNet Community Support

    Sunday, 08 February 2015 08:29
    Moderator
  • Having the same problem. This is the worst VPN I have ever come across. Too bad it's a client company that is using it...
    Friday, 20 February 2015 16:16
  • This is funny. Same symptoms here.

    So I tried disabling [VirtualBox NDIS6 Bridged Networking Driver] and [TCP/IPv6 Protocol]... and it worked!! Then I enabled them again and it still works. I don't know what will happen after reboot... 


    Wednesday, 10 February 2016 07:57
  • I'm having the same problems.

    The WAN repair tool thing works, but only for connecting once or twice. Then you need to do it all over again (including restarting your machine).


    Tuesday, 31 January 2017 13:37
  • This URL: http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630  works for "Forticlient SSLVPN gets stuck at 98% on Windows 10".  It took time, patience and many different combinations but using the miniport repair I completed the following which finally fixed it:

    Step 1

    Step 2a

    Step 4

    Step 2b (Run as... Administrator) BUT NOT "then execute wan-miniport-install-x64.exe"

    Be patient... it can take time for it to complete and looks like it's hung...

    Step 2c (without restore)

    Recreated VPNs -> worked!!

    • Proposed as answer by peepeeopee Wednesday, 17 May 2017 10:04
    Wednesday, 03 May 2017 19:12
  • This URL: http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630  works for "Forticlient SSLVPN gets stuck at 98% on Windows 10".  It took time, patience and many different combinations but using the miniport repair I completed the following which finally fixed it:

    Step 1

    Step 2a

    Step 4

    Step 2b (Run as... Administrator) BUT NOT "then execute wan-miniport-install-x64.exe"

    Be patient... it can take time for it to complete and looks like it's hung...

    Step 2c (without restore)

    Recreated VPNs -> worked!!

    Been trying many different things to get this to work - you sir are a life saver!!!
    Wednesday, 17 May 2017 10:05
  • Sir, you saved my life!!! Cheers!!!
    Tuesday, 20 March 2018 12:32
  • This URL: http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630  works for "Forticlient SSLVPN gets stuck at 98% on Windows 10".  It took time, patience and many different combinations but using the miniport repair I completed the following which finally fixed it:

    Step 1

    Step 2a

    Step 4

    Step 2b (Run as... Administrator) BUT NOT "then execute wan-miniport-install-x64.exe"

    Be patient... it can take time for it to complete and looks like it's hung...

    Step 2c (without restore)

    Recreated VPNs -> worked!!

    Worked like a charm!  Thanks!
    Monday, 27 August 2018 18:49
  • Well, Fortinet killed its own KB, but it was only linking to this one:

    https://www.vpnhosting.cz/index.php/clanky/wan-miniport-repair-tool-solve-vpn-and-dial-up-error-code-720-and-similar-ppperrors.html

    Friday, 03 January 2020 18:37