Windows 11, RSAT Tools, and FortiClient = no IP address for SSLVPN NIC

VPN
1

Heads up if you have a Windows 11 device with FortiClient (we’ve tested up to v7.2.5) and all of the RSAT Tools for Windows Admins installed, your SSLVPN NIC won’t be assigned an IP when you connect to SSLVPN.

https://community.fortinet.com/t5/FortiClient/Troubleshooting-Tip-VPN-SSL-connected-but-no-IP-address-in/ta-p/248143

We isolated this to the networking RSAT tools such as for load balancing, etc. So if all you need is ADUC, etc, you should be ok.

We have one user here with this config, as we just upgraded them from W10 to W11. FortiGate would assign an IP from the pool, and FortiClient would show that IP, but checking the SSLVPN NIC showed an APIPA address.

Fun.

2

We had something like that in the past I think. Fix was to remove RSAT, reinstall FCT, then install RSAT and it all worked well together.

3

I’m on 7.2.4 and windows 11 23h2 with the September CU installed. ipconfig shows the same ip as fortclient for the ssl vpn interface🤷

4

Did you try it on fresh installed W11 with latest updates too or just on upgraded machines?

5

Identical behavior here. Joy

6

Do you have RSAT tools installed via Features? That is what breaks it. Specifically the Network Management Tools. That is interesting though. I’m sure that this is related to some specific combination, but I find it odd this KB was first published in March 2023 and then updated a year later. Would be nice if FortiGate resolved in 7.2.5.

7

We use a 22H3 Windows 11 image that we push via FOG. Then we use DISM to pull and install the latest RSAT. Applicable Windows Updates are applied to bring current.

8

Uh, yeah that was the link I posted to help anyone else experiencing this.

9

I have a few but not all: ADCS, LDAP, DNS, Group policy management, server manager.

10

Last I checked the KB2693643 RSAT tool is officially Win10 only, not for Win 11 (which supposedly has something different/native for RSAT tools? idk), hence no plans on doing any fixes in this regard.