MigenaM
Staff
April 22, 2026

Troubleshooting Tip: Getting unexpected alert e-mails with logdesc='System configuration backed up error'


Description

This article describes an issue where the user receives random alert e-mails with logdesc="System configuration backed up error" and "Automatic configuration backup to flash disk failed" messages.

Scope

FortiGate v7.6.6.

Solution

After setting up a new HA cluster of devices with a disk, the following alert messages might be sent via e-mail from the devices:

Message meets Alert condition:

date=2026-04-04 time=09:35:30 devname=FGT_TEST devid=FG121GTK******** eventtime=1879642794055276341 tz="+0100" logid="0100045233" type="event" subtype="system" level="error" vd="root" logdesc="System configuration backed up error" user="admin" ui="https(192.168.x.x)" action="backup" status="failure" msg="Automatic configuration backup to flash disk failed"

This is the case when the Alert mail feature is configured on the device. Otherwise, the log will only be generated locally.

These messages are not generated while one of the admins is making changes via SSH or HTTPS, and the configuration backups on the firewall are saved as normal.

To further troubleshoot the issue, the crashlogs must be checked.

Execute the following command on the device:

diagnose debug crashlog read

Look for entries similar to the following:

 

536: 2026-03-20 06:44:23 domain=WEB_AUTH domainid=37 acl=ipv4-sendmsg msg="[FORTISM Violation: pid-2265
537: 2026-03-20 06:44:23 api-sendmsg(), proto-17 daddr-127.0.0.1 dport-701]."
538: 2026-03-23 19:17:18 domain=WEB_AUTH domainid=37 acl=write msg="[FORTISM Violation: pid-2265,
539: 2026-03-23 19:17:18 api-open_w(), path-/tmp/disk_rev_store_current_config_EK0yzM]."
540: 2026-03-26 10:33:10 domain=WEB_AUTH domainid=37 acl=ipv4-sendmsg msg="[FORTISM Violation: pid-2265
541: 2026-03-26 10:33:10 api-sendmsg(), proto-17 daddr-127.0.0.1 dport-701]."
542: 2026-03-27 20:55:11 domain=WEB_AUTH domainid=37 acl=write msg="[FORTISM Violation: pid-2265,
543: 2026-03-27 20:55:11 api-open_w(), path-/tmp/disk_rev_store_current_config_kbyePL]."
544: 2026-03-30 11:43:24 domain=WEB_AUTH domainid=37 acl=ipv4-sendmsg msg="[FORTISM Violation: pid-2265
545: 2026-03-30 11:43:24 api-sendmsg(), proto-17 daddr-127.0.0.1 dport-701]."
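
The following is an added example, not Fortinet code and not part of the original article: a Python helper for saved output of the crashlog command that rejoins the FORTISM violation entries (each is wrapped across two numbered lines in the excerpt above) and picks out the write denials on the /tmp/disk_rev_store_current_config_* files. The function names are hypothetical; the sample lines are copied from the excerpt above.

```python
import re

# Sample lines copied from the crashlog excerpt in the article above.
SAMPLE = """\
536: 2026-03-20 06:44:23 domain=WEB_AUTH domainid=37 acl=ipv4-sendmsg msg="[FORTISM Violation: pid-2265
537: 2026-03-20 06:44:23 api-sendmsg(), proto-17 daddr-127.0.0.1 dport-701]."
538: 2026-03-23 19:17:18 domain=WEB_AUTH domainid=37 acl=write msg="[FORTISM Violation: pid-2265,
539: 2026-03-23 19:17:18 api-open_w(), path-/tmp/disk_rev_store_current_config_EK0yzM]."
542: 2026-03-27 20:55:11 domain=WEB_AUTH domainid=37 acl=write msg="[FORTISM Violation: pid-2265,
543: 2026-03-27 20:55:11 api-open_w(), path-/tmp/disk_rev_store_current_config_kbyePL]."
"""

LINE = re.compile(r"^\s*\d+:\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*)$")
ENTRY = re.compile(
    r'domain=(?P<domain>\S+) domainid=(?P<domainid>\d+) acl=(?P<acl>\S+) '
    r'msg="\[FORTISM Violation: pid-(?P<pid>\d+),?\s*'
    r'api-(?P<api>\w+)\(\),\s*(?P<detail>.*?)\]\."')

def parse_violations(text):
    """Rejoin wrapped crashlog lines; return one dict per FORTISM violation."""
    entries, pending = [], None  # pending = (timestamp, partial payload)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a numbered crashlog line
        ts, payload = m.groups()
        if "FORTISM Violation" in payload:
            pending = (ts, payload)  # first half of an entry
        elif pending:
            pending = (pending[0], pending[1] + " " + payload)  # continuation
        else:
            continue  # unrelated crashlog line
        if pending[1].rstrip().endswith(']."'):  # entry is complete
            hit = ENTRY.search(pending[1])
            if hit:
                entries.append({"time": pending[0], **hit.groupdict()})
            pending = None
    return entries

def backup_tempfile_denials(entries):
    """Write denials on the config revision temp files shown in the article."""
    return [e for e in entries if e["acl"] == "write"
            and e["detail"].startswith("path-/tmp/disk_rev_store_current_config_")]

if __name__ == "__main__":
    for e in backup_tempfile_denials(parse_violations(SAMPLE)):
        print(e["time"], e["domain"], "pid", e["pid"], e["detail"])
```

The timestamps it prints can then be compared with the date and time fields of the alert e-mails.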

 

Under the System Event logs, entries with the following keywords can be found:

logdesc="FortiSM Access Violation"
secappdomain="WEB_AUTH"
secappdomainid=37
msg="FORTISM Violation:
process-[http_authd] 

An internal engineering ticket has already been created for this behavior and is being investigated by the engineering team. It is expected to be resolved on branch 8.0 of FortiOS.