Technical Tip: Unable to delete local super admin user on FortiGate with error 'Failed to delete'

An attempt to delete a local super-admin user from the FortiGate GUI or CLI fails with the error 'Failed to delete'.

Attempting to delete a local super_admin user results in a 'Failed to delete' error in the GUI. No visible references to the user in the configuration or interface.

Deletion fails despite the user not being used in any admin profile, VDOM assignment, or custom configuration. Here are the currently configured user accounts, and trying to delete the admin account 'daniel' for demonstration:

1. Check if the user is still referenced under the config system federated-upgrade section:

config system federated-upgrade
show

config system federated-upgrade
    set status disabled
    set initial-version 7-6-2-3462
    set starter-admin "daniel"
end

2. The starter-admin field under the federated-upgrade configuration acts as a reference for the super_admin who initialized the federated upgrade. FortiOS does not allow deletion of an admin account still referenced in this context.

Attempting to manually modify the starter-admin using:

set starter-admin admin

Federated upgrade cannot be configured directly.
object set operator error, -39 discard the setting
Command fail. Return code -39

It confirms that the config cannot be altered directly and must be handled through federated upgrade commands.

Solution:

1. Run the following CLI command to cancel the federated upgrade session:

execute federated-upgrade cancel

2. Re-check the federated-upgrade section:

show system federated-upgrade

Ensure starter-admin and initial-version are removed or reset.

3. Try to delete the user:

• Via GUI: Navigate to System -> Administrators, select the user, and select 'Delete'.

• Or via CLI:

config system admin
delete daniel
end

To check if there are any other references, run the following command and search for the user name:

show full-configuration | grep -f daniel