Skip to main content
mzainuddinahm
Staff & Editor
mzainuddinahm
Staff & Editor
May 11, 2020

Troubleshooting Tip: 'execute update-now' command fails to execute

  • May 11, 2020
  • 0 replies
  • 31587 views

Description

 

This article describes how to resolve an issue where the 'execute update-now' command fails with error 'Command fail. Return code 6'.

 

Scope

 

FortiGate.

Solution


The command 'execute update-now' can fail when executed.
The primary issue investigated was license-expired/warning messages on FortiGate.


When attempting to update the unit using 'execute update-now', the command fails with the error 'Command fail. Return code 6'.

 

To solve the issue:

  1. Make sure the admin who logged in has full rights.
  2. Check the running processes by using the following command to find out the PID of the 'updated' daemon.

 

diagnose sys top

 

Run Time:  1 days, 5 hours and 33 minutes

0U, 0N, 1S, 99I, 0WA, 0HI, 0SI, 0ST; 7996T, 4956F

          fgtlogd      499      S       0.0     0.3    3

          httpsd     1862      S       0.0     0.3    1

          httpsd     1863      S       0.0     0.3    2

         reportd      250      S       0.0     0.2    2

            csfd      628      S       0.0     0.2    2

           fgfmd      268      S       0.0     0.2    3

          httpsd      230      S       0.0     0.2    1

 

The second column from the above command shows the process ID.

 

  1. Use this command to kill the updated daemon:

 

diagnose sys kill 11 <pid_of_updated>

diagnose sys kill 11 1862

diagnose sys kill 11 1863

diagnose sys kill 11 230

 

In the above command, the httpsd processes are killed one by one based on the process IDs shown (1862, 1863, 230, as in the output for httpsd).

It is possible to kill all processes at once with the following command:

 

fnsysctl killall <PPROCESS_NAME>

 

Here, it is necessary to obtain all of the currently running process IDs to perform a restart.

 

Note: Super Admin privilege is required to run the 'fnsysctl' command. Otherwise, FortiGate will return an error, as explained in Troubleshooting Tip: fnsysctl command returns Unknown action 0.

 

  1. Next, trigger an automatic update using the following command:

 

execute update-now

       

To see what is going on in the FortiGate, run the following commands:

 

diagnose debug application update -1

diagnose debug console time enable

diagnose debug enable

 

  1. Check the licensing status of the unit.

Note that, in an HA cluster, the 'updated' process does not run on the secondary device. All updates are performed by the primary device, which forwards them to the secondary.

 

Related article:

Technical Tip: Diagnose sys top CLI command

Terms & ConditionsAccessibility statement