Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

Problem accessing Self-Service via FortiClient VPN

https://forum.tranquil.it/viewtopic.php?t=4460

Page 1 of 1

Problem accessing Self-Service via FortiClient VPN

Published: November 19, 2025 - 08:37
by PA DEQUIDT
Good morning,

We have the following problem with users of a Forticlient VPN.

Accessing their Self-Service system when connected via VPN displays no results, even though the machine is reachable via the console.
VPN_Error.png
VPN_Error.png (69.95 KB) Viewed 11430 times
However, if the selservice is reconnected, access is restored about half the time.

Here is a list of all the actions we have already taken:
  • Traffic audit = No traffic is blocked, either to the primary or secondary repository on ports 80 and 443.
    Agent uninstalled and then reinstalled.
    WAPT services stopped and then restarted.
If you have any ideas for finding a solution, they would be more than welcome. :D

Re: Problem accessing Self-Service via FortiClient VPN

Published: November 19, 2025 - 09:45
by sfonteneau
Try doing this in a regular command prompt:

And do this while the VPN is running:

Code: Select all

C:\Windows\System32>wapt-get shell
>>> from waptservice.service import get_allowed_domain_usergroups
>>> get_allowed_domain_usergroups('username',['nomedugroupe'])
['nomedugroupe']
>>> get_allowed_domain_usergroups('username',['nomedugroupe'])
['nomedugroupe']
>>> get_allowed_domain_usergroups('username',['nomedugroupe'])
['nomedugroupe']
Rerun get_allowed_domain_usergroups several times to see


You can also try:

Code: Select all

C:\Windows\System32>wapt-get shell
>>> import pyldap
>>> print(pyldap.cldap_get_domain_info()['host_name'])
>>> print(pyldap.cldap_get_domain_info()['host_name'])
>>> print(pyldap.cldap_get_domain_info()['host_name'])
>>> print(pyldap.cldap_get_domain_info()['host_name'])
To see if it's still returning the correct DC

Re: Problem accessing Self-Service via FortiClient VPN

Published: November 21, 2025 - 2:46 PM
by PA DEQUIDT
Sorry for the late reply. I rely on third parties, but my VPN is working perfectly. :)

Here's the return of orders:

Code: Select all

>>> from waptservice.service import get_allowed_domain_usergroups
>>> get_allowed_domain_usergroups('username',['nomedugroupe'])
[]
>>> get_allowed_domain_usergroups('username',['nomedugroupe'])
[]
>>> get_allowed_domain_usergroups('username',['nomedugroupe'])
>>> get_allowed_domain_usergroups('username',['nomedugroupe'])
>>> get_allowed_domain_usergroups('username',['nomedugroupe'])
[]
>>>

Code: Select all

>>> import pyldap
>>> print(pyldap.cldap_get_domain_info()['host_name'])
Traceback (most recent call last):
  File "<console>", line 1, in <module>
TypeError: 'NoneType' object is not subscriptable
>>> print(pyldap.cldap_get_domain_info()['host_name'])
Traceback (most recent call last):
  File "<console>", line 1, in <module>
TypeError: 'NoneType' object is not subscriptable
>>> print(pyldap.cldap_get_domain_info()['host_name'])
FRRNS-SAD01.sii.fr
>>> print(pyldap.cldap_get_domain_info()['host_name'])
FRRNS-SAD02.sii.fr
>>> print(pyldap.cldap_get_domain_info()['host_name'])
Traceback (most recent call last):
  File "<console>", line 1, in <module>
TypeError: 'NoneType' object is not subscriptable
>>> print(pyldap.cldap_get_domain_info()['host_name'])
Traceback (most recent call last):
  File "<console>", line 1, in <module>
TypeError: 'NoneType' object is not subscriptable
>>> print(pyldap.cldap_get_domain_info()['host_name'])
FRRNS-SAD01.sii.fr
>>> print(pyldap.cldap_get_domain_info()['host_name'])
FRRNS-SAD02.sii.fr
>>> print(pyldap.cldap_get_domain_info()['host_name'])
Traceback (most recent call last):
  File "<console>", line 1, in <module>
TypeError: 'NoneType' object is not subscriptable
>>>
In view of the order response, I better understand the random aspect, namely that about half the time the Selfservice responds.

Do you think it's a flow problem or something else entirely?

Best regards,

Pierre-Alexis DEQUIDT

Re: Problem accessing Self-Service via FortiClient VPN

Published: November 21, 2025 - 3:11 PM
by sfonteneau
Thanks for the feedback

Could you try increasing the timeout?

Code: Select all

import pyldap
print(pyldap.cldap_get_domain_info(timeout_ms=3000)['host_name'])

Re: Problem accessing Self-Service via FortiClient VPN

Published: November 24, 2025 - 09:33
by PA DEQUIDT
The increased timeout results in an error half the time, corresponding to the accessibility of the self-service area.

Code: Select all

import pyldap
print(pyldap.cldap_get_domain_info(timeout_ms=3000)['host_name'])
Increase_Time_Out.png
Could the WAPT logs on the client machine tell us more?

Re: Problem accessing Self-Service via FortiClient VPN

Published: November 24, 2025 - 11:35 AM
by sfonteneau
This should be tried several times to see:

Code: Select all

import pyldap
pyldap.cldap_get_ldap_controller('sii.fr')

Re: Problem accessing Self-Service via FortiClient VPN

Published: Dec 2, 2025 - 2:47 PM
by PA DEQUIDT
Hello,

Following the commands provided, we were able to deduce that the error stemmed from recurring requests to two of our old domain controllers.

Once the VMs were decommissioned, the service reached 100% availability again.

Thank you very much for your help.

Pierre-Alexis DEQUIDT
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru