tanishasharma
Staff
October 4, 2021

Troubleshooting Tip: Resolve 'Haven't set FortiCloud account id' by adding a FortiGuard service-account ID


Description


This article describes how to resolve the following error while enabling the FortiGuard log:

 

Haven't set FortiCloud account id
node_check_object fail! for status enable

 

This error is seen when no FortiGuard account ID is configured on the FortiGate.

 

Scope

 

FortiGate.

Solution


While enabling the FortiGuard logs, the following error appears when the FortiGuard service account is not configured.

 

config log fortiguard setting
    set status enable

Haven't set FortiCloud account id
node_check_object fail! for status enable  

 

[Image: Account id.png]

 

Note: As an option, FortiGate Cloud logging can be activated from the CLI using the command below. For more information, refer to the following article: Technical Tip: How to register/activate FortiGate Cloud from GUI and enable logging.

 

execute fortiguard-log login <email> <password> <domain>

 

It is necessary to make sure that the FortiCloud service account is already added to the FortiGate.

If not configured, follow the commands below and add the service account ID in FortiGuard settings:

 

config system fortiguard
    set service-account <ID>      <- Enter the service account ID. The limit is 50 characters.
end

 

In newer versions, the service account ID command has been removed. To connect to FortiCloud logging, first activate fabric by authenticating with an account ID and password. Refer to Configuring cloud logging for step-by-step configuration. Ensure that the complete command has been manually set in the FortiGuard setting.


Once the FortiGuard account ID is added, enable the FortiGuard logs using the following commands:


config log fortiguard setting
    set status enable
end

 

Even though the service account ID is no longer present in recent FortiOS versions, this error can still be observed. The example below provides the output from FortiOS v7.2.10.

 

[Image: recentversion.png]

 

If this occurs, run the checks below. If the output matches, follow this article: Troubleshooting Tip: Unable to connect to FortiGuard servers.

 

[Image: account-info.png]

 

diagnose fdsm account-info

Timeout

diagnose fdsm log-controller-update

Timeout

diagnose fdsm contract-controller-update

Timeout
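
The check above can also be applied to a saved CLI session. The following is an added example, not Fortinet code: it assumes the session was captured as text with "hostname # " prompts (the hostname FGT-A and the sample session are constructed) and relies only on the error text and the Timeout output shown in this article. Call triage() on the captured text to get the next step.

```python
import re

ACCOUNT_ERROR = "Haven't set FortiCloud account id"   # error text from the article
FDSM_CHECKS = ("diagnose fdsm account-info", "diagnose fdsm log-controller-update",
               "diagnose fdsm contract-controller-update")
# Assumption: commands follow a "hostname # " or "hostname (context) # " prompt.
PROMPT = re.compile(r"^\S+(?: \([^)]*\))? #(?: (.*))?$")

# Constructed sample session; hostname FGT-A is a placeholder.
SAMPLE = """\
FGT-A # config log fortiguard setting
FGT-A (setting) # set status enable
Haven't set FortiCloud account id
node_check_object fail! for status enable
FGT-A (setting) # abort
FGT-A # diagnose fdsm account-info
Timeout
FGT-A # diagnose fdsm log-controller-update
Timeout
FGT-A # diagnose fdsm contract-controller-update
Timeout
"""

def split_session(text):
    """Group a saved session into (command, [output lines]) pairs."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROMPT.match(line)
        if m:
            blocks.append(((m.group(1) or "").strip(), []))
        elif blocks and line:
            blocks[-1][1].append(line)
    return blocks

def triage(text):
    """Map a session to the next step this article gives for the error."""
    blocks = split_session(text)
    if not any(ACCOUNT_ERROR in l for _, out in blocks for l in out):
        return "no-account-id-error"
    timed_out = {c: bool(o) and all(l == "Timeout" for l in o)
                 for c, o in blocks if c in FDSM_CHECKS}
    missing = [c for c in FDSM_CHECKS if c not in timed_out]
    if missing:
        return "incomplete: run " + "; ".join(missing)
    if all(timed_out.values()):
        return "fortiguard-unreachable"   # follow the FortiGuard connectivity article
    return "check-account-or-ha"          # activate the account / provision HA members
```
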

 

Another possible reason for this error is that the FortiGate is in an HA configuration and only one FortiGate is connected to or provisioned with FortiGate Cloud. When connecting the FortiGate to FortiGate Cloud, ensure both devices are connected to FortiGate Cloud. There are two methods to do so.

  1. Provision both devices to the same account in FortiGate Cloud from the FortiGate Cloud portal, as shown below:

[Image: FortiGate cloud provision.png]

  2. The other method is to separate the HA into standalone mode, then activate FortiGate Cloud for the devices and set up the HA again.
  3. The third option is to fail over the primary FortiGate to the secondary node, then activate FortiGate Cloud.

 

Related articles

Technical Tip: How to troubleshoot FortiGate Cloud Internal Error

Troubleshooting Tip: FortiCloud connection failure

Technical Tip: How to use failover flag to change Active unit