FortiClient troubleshooting tips
After you configure the required secrets, FortiClient uses the following three processes to launch the native application and start the video recording services:
-
FortiVRS with session ID: 0
-
Save and drop ZTNA rules for each secret request.
-
Manage FortiVRS[X] daemons.
-
Upload video and metadata files to FortiPAM.
-
-
FortiVRS with the user session
-
Start applications in the user session.
-
Record application videos.
-
Record the key and mouse metadata for the launched secret.
-
-
FortiTCS
-
ZTNA daemon feature (responsible for TCP forwarding).
-
Create local proxy to forward TCP traffic.
-
Issue 1: Error contacting FortiClient
Ensure that FortiClient is running with the following three daemons:
-
FortiTCS in session 0
-
FortiVRS in session 0
-
FortiVRS in user session [X]
Issue 2: Error starting the program
Ensure that the secret you are launching is installed on the client side machine with the environment variable set.
Issue 3: FortiPAM JSON error
This happens if you tamper the ztna.config file.
To recover, delete ztna.config and try again.
Issue 4: HTTP port mismatch between FortiPAM and FortiClient
Both FortiPAM and FortiVRS must use the same HTTP port.
To check for the port mismatch:
- On FortiPAM, look for the value set in the Client Port field in the Advanced tab in System > Settings.
- On the client machine, in the
fortivrs_session_0_1.logfile, ensure that the listeining port is same as the Client Port on FortiPAM. - If there is a mismatch between the port value in step 1 and 2, change the port value on FortiPAM to match the client machine port.
Issue 5: Secret not reaching the host
FortiClient can no longer reach the EMS server. Although ZTNA tunnels/rules can still be created, they fail to reach the host without an EMS connection.
Check the EMS server connection.
|
For fortitcs/fortivrs traces, go to |
|
|
For the ZTNA configuration file, go to |
|
|
For the secret session video recordings and metadata files, go to the Windows Temp directory |