Troubleshooting Tip: Administrators encounter error 'object set operator error, -672 discard the setting' when running diagnose commands in CLI after upgrade
| Description | This article describes how to troubleshoot the 'diagnostics' command is not working for prof_admin users after upgrading the device from v7.2.x to version 7.4.8. The error message is 'object set operator error, -672 discard the setting'. |
| Scope | FortiGate v7.4.2 and higher. |
| Solution | FortiOS v7.4.2 introduced changes to administrator profiles that cause prof_admins and other profiles to no longer be able to execute diagnostic commands by default. After upgrading from previous versions, administrator users are in the prof_admin group and starting to receive error messages when they try to run the diagnostics command in CLI.
FortiGate $ diagnose debug enable FortiGate $
Starting in version 7.4.2, the command 'system-diagnostics' is replaced with new commands, shown below. 'cli-diagnose' is the new command, and it is disabled by default.
cli-diagnose : disable
Users are trying to 'enable' this feature with the prof_admin account in the CLI will get an error message as shown below :
This change needs super_admin rights. Log in to the device with the super_admin account to fix the problem.
FortiGate # config system accprofile FortiGate (accprofile) # edit "prof_admin" FortiGate (prof_admin) # set cli-diagnose enable FortiGate (prof_admin) # end
Related documents: Technical Tip: Changes to the prof_admin admin profile after upgrading from v7.2 to v7.4 |
