FortiClient VPN Connection getting stuck at Status: 98% (Solved)
Problem
When connecting to VPN network using FortiClient users occasionally are unable to make the connection as the VPN client seems to be malfunctioning. The connection gets stuck at Status: 98% and they get disconnected. This problem appears to be affecting FortiClient version 5.3.xxx as well 5.4.1.0840 running on Windows 8 and 10 that we are aware of.
It’s s been determined that there is a problem with the Windows operating system WAN miniport driver and not specifically with a Forticlient issue.
Remedies
To fix Wan miniport problems as well as VPN and dial-up error code 720 and similar PPP errors follow these steps (worked for us)
1. Install WAN miniport repair tool
2. Restart computer
3. Run Install WAN miniport installer tool
4. Restart computer and test VPN access.
Here are some ways to fix the virtual adapter ( that worked for some folks):
1. There were no Miniports installed on the computer. This can be determined by going to Control Panel, System, Hardware, Device Manager, View – Show hidden devices. Under Network Adapters there should be a series of WAN Miniport: IP, IPv6 PPPOE, PPTP, IKEv2, etc. These ports are often used for different adapters different VPN clients. If the Miniports are not visible, they will have to be reinstalled.
Download devcon.exe. This is a utility from Microsoft. When that is done you can find the different miniport driver names associated to your OS in the following file c:\windows\inf\netrasa.inf. This path is for Windows XP and it will be different for other OS.”
Windows 8 file locations is C:\Program Files (x86)\Windows Kits\8.1\Tools\x64>
Here are the command lines I used in XP to reinstall the needed Miniports.
“devcon.exe install c:\windows\inf\netrasa.inf MS_PppoeMiniport”
“devcon.exe install c:\windows\inf\netrasa.inf MS_NdisWanIp”
“devcon.exe install c:\windows\inf\netrasa.inf MS_PptpMiniport”
“devcon.exe install c:\windows\inf\netrasa.inf MS_L2tpMiniport”
Reboot your PC following these commands.
You will probably need to reinstall your VPN client software or hardware driver that was not functioning before. This will reinitialize binding to the Miniports.
2. To make VPN client work with windows 8.x or Windows 10 you can try the following:
From an elevated command prompt run the following:
netcfg -v -u ms_ndiswanip
netcfg -v -u ms_ndiswanipv6
Reboot the computer. Windows will detect the devices are missing and reinstall it automatically, likely transparently. Check device manager to make sure they are back in there.
Once the PC boots up check the fortissl adapter, it may say device missing still. You should now see an ISDN adapter in the list. Select it and enter 1 for the number, uncheck ‘ missing device’ ensuring only the ISDN option is selected. Click OK and try to connect to the SSL VPN.
Once the computer gets restarted the sslvpn connection should work again.
If not, check the fortissl adapter, it may say device missing. You should now see an ISDN adapter in the list. Select it and enter 1 for the number, uncheck ‘ missing device’ ensure only the ISDN option is selected. Click OK and try to connect to the SSL VPN.
3. Make sure the services listed in “1)” are running on the affected PC. Run “services.msc” and make sure the mentioned services are running (have status “started”).
– Telephony
– Remote Access Connection Manager
– Secure Socket Tunneling Protocol Service
If some of those services are not running, please start them and then test the sslvpn connection.
Also from Device Manager, select “View->Show hidden devices”, then open “Network Adapters”, check and make sure that “WAN Miniport (IP)” is enabled and running properly.
In case it still doesn’t work after performing the steps in 1), then try the following steps:
From an elevated command prompt run the following:
netcfg -v -u ms_ndiswanip
netcfg -v -u ms_ndiswanipv6
Check device manager: “WAN Miniport (IP)” and “WAN Miniport (IPv6)” should be gone.
Reboot the PC, Windows will detect the devices are missing and reinstall it automatically, likely transparently. Check device manager to make sure they are back in there.
Once the PC boots up again check the fortissl adapter, it may say device missing still. You should now see an ISDN adapter in the list. Select it and enter 1 for the number, uncheck ‘ missing device’ ensuring only the ISDN option is selected. Click OK and try to connect to the SSL VPN.
Once the PC boots up again, test the sslvpn connection.
3)
If none of the above steps resolves the issue, then please try the instructions in the following link http://social.technet.microsoft.com/Forums/windows/en-US/427f8be7-941a-4e78-bf21-f94a257b3549/ras-error-720-when-establishing-modem-connection?forum=itprovistanetworking
********
http://www.reddit.com/r/techsupport/comments/2ux6lj/fortigate_sslvpn_immediately_disconnects_hangs_at/
1) Open Network Connections
2) Note the “fortissl” connection will have the device message “Unavailable – device missing”
3) Open the properties for this connection
4) On the “General” tab: a. Uncheck the “Modem Removed – Unavailable device ()” device b. Check the “ISDN channel – PPPoP WAN Adapter” device c. Click the up arrow on the right to move the “ISDN channel – PPPoP WAN Adapter” to the top of the list d. Set the phone number for the “ISDN channel – PPPoP WAN Adapter” to “1” (without the quotes)
5) Click “OK” to close the “fortissl” properties
6) The “fortissl” connection should now appear gray with the device message “PPPoP WAN Adapter” and a status of “Disconnected”
7) You should now be able to successfully establish an SSL VPN connection
Or:
http://social.technet.microsoft.com/Forums/windows/en-US/427f8be7-941a-4e78-bf21-f94a257b3549/ras-error-720-when-establishing-modem-connection?forum=itprovistanetworking
Update: 06.12.2017
It appears the FortiClient engineering staff may have finally resolved this pesky problem. The new version of FortiClient 5.6 is said to address the annoying problems with the WAN Miniport driver, causing the 98% error message, among other fixes. This version is scheduled to go live in June as soon as it’s fully tested. We have been testing the per-production release (5.6.0.1072) on Windows 10 clients with positive results so far. If you can’t wait for the official release of FortiClient 5.6, reach out to the support team to get a copy. Make sure to completely uninstall the current version before installing 5.6.
