IPsec/SSL VPN

VPN lofin fail error - 455

  • 1.  VPN lofin fail error - 455

    Posted Nov 26, 2017 09:24 AM

    VPN lofin fail error - 455

     

    We use the FortiClient and user tried to login in SSL-VPN to FG300D.
    The VPN authetification used Radius-LDAP.

    We always get the "Permission denied (-455)" error.
    This append for only one user.

    We are login successfully with other account in the same computer.

    I tried to analyse the logs and always received, unknow users.


    VPN FortiSslvpn: Init:ConnectNamedPipe(): Wait(hEventOverLapped) OK.
    VPN FortiSslvpn: before ConnectNamedPipe
    VPN FortiSslvpn: Init:ConnectNamedPipe(): rc=0, err=997
    VPN FortiSslvpn: _ReceiveMessage: (000004CC)
    VPN id=96603 msg="SSLVPN tunnel connection failed (Error=-455).

    In Fortigate applaiance in VPN Events the message is: sslvpn_login_unknown_user

    Finally, I was able to reproduce this issue.
    I create a new user in AD and put it the VPN-Users-Group associate to Radius.
    I put the same password of my user that experiment the issue.
    Surprise, same message: error- -455.

    I tested directly in the applaiance under Users, Raduis Server - Edit - Connectivity test
    with this testing account and password: Result = Succesful.

    I tried again in vpn,always fail.

    I modify the password to remove special caracter in this case french accent "é" include in the password.
    Result lgin succesfull.
    I put the accent again in the password and login fail.

    I don't test every type of caracters but I recommand my users to avoid any french accent in the password.

    best regard