FortiClient SSL VPN Error

VPN Error KB ID 0001795

Problem

I have a FortiGate/FortiClient test bench setup for testing, and its to been used for a while. When I attempted to use it this happened;

Unable to logon to the server. Your username or password may not be configured properly for this connection. (-12)

While messing around trying to fix it I also got this error;

Unable to establish the VPN connection. The VPN server may be unreachable. (-14)

Disclaimer: That second error can also be caused if the FortiClient is unlicensed (which you can clearly see, it is.) So this might be a red herring.

VPN Error: Solution

This took ages for me to fix. The common consensus is this is usually caused by a setting in the machines internet properties. Open an administrative command windows and run inetcpl.cpl The firs this I was asked to do was  > Advanced  >  Reset > Tick Delete Personal Settings > Reset.

Security > Trusted Sites (set slider to Medium) > Sites > Add in the URL my FortiClient was trying to reach, (yours will be a public IP or DNS name)  > Close.

Advanced Tab > Security > Tick Use SSL 3.0  > Apply > OK.

In my case all of these DID NOT solve my problem, I’ve seen strange errors with LDAP username and passwords, so I made sure the firewall could ping the FQDN of the LDAP server, and it successfully authenticated me (I’ve seen the GUI auth test work, and the command line one fail in the past).

Then I debugged the SSL VPN and got the following error;

Removed for tunnel connection setup timeout.

In the end I changed TWO things and it started to work. Firstly I uninstalled the FortiClient, and installed the latest version.

Secondly I looked at my SSL VPN Settings and noticed the group was set to a firewall group and NOT my LDAP (Active Directory) group. which I changed.

Other possible fixes I found on my trawl – that were not applicable to me;

  • Active Directory User Account (Account or Password Expired)
  • Theres no firewall policy for the SSL VPN Traffic (See this article).
  • Your AD password is using some ‘Odd Characters“, (test with an alphameric password).
  • Your AD user has “user must change the password on next login” enabled.
  • You’re trying to cone too eh SSL VPN fro BEHIND the FortiGate (not outside).

So this seems like a very generic error. If you come up with a different fix, or one that didn’t work for me, but worked for you. Please take the time to post below to help the next technical traveller.

Related Articles, References, Credits, or External Links

NA