Troubleshooting Tip: TACACS+ showing connection status error

TACACS+ Server is showing a connection status of 'Error' when selecting the 'Test' button, as shown below:

This indicates that the FortiGate is unable to reach the TACACS+ server. Running a packet sniffer and enabling fnbamd debug would show that the FortiGate does not receive any SYN-ACK responses from the TACACS+ server.

FortiGate # diagnose sniffer packet any "port 49" 4 0 l
Using Original Sniffing Mode
interfaces=[any]
filters=[port 49]
2026-02-09 00:26:19.935872 port1 out 10.47.2.161.22264 -> 10.47.3.71.49: syn 1441117022
2026-02-09 00:26:24.439671 port1 out 10.47.2.161.22266 -> 10.47.3.71.49: syn 1968606839

FortiGate # diagnose debug application fnbamd -1
Debug messages will be on for 6 minutes.

FortiGate # diagnose debug console timestamp enable

FortiGate # diagnose debug enable

FortiGate # 2026-02-09 00:26:19 [1774] handle_req-Rcvd auth req 15629547233283 for test01 in opt=05000007 prot=0 svc=7
2026-02-09 00:26:19 [336] __compose_group_list_from_req-Group '', type 1
2026-02-09 00:26:19 [511] create_auth_session-Session created for req id 15629547233283
2026-02-09 00:26:19 [595] fnbamd_cfg_get_tac_plus_list-
2026-02-09 00:26:19 [160] fnbamd_tac_plus_new-10.47.3.71
2026-02-09 00:26:19 [107] __init_tac_plus_setting-Preping TAC+ servers.
2026-02-09 00:26:19 [92] __tac_plus_server_push-Inserted tac+ server '10.47.3.71'.
2026-02-09 00:26:19 [165] fnbamd_tac_plus_new-10.47.3.71 created
2026-02-09 00:26:19 [611] fnbamd_cfg_get_tac_plus_list-Total tac+ servers to try: 1
2026-02-09 00:26:19 [629] fnbamd_tac_plus_get_auth_server-
2026-02-09 00:26:19 [94] fnbamd_tac_plus_get_next_authen_type-Next authen type pap
2026-02-09 00:26:19 [896] __auth_ctx_svr_push-Added addr 10.47.3.71:49 from TAC+ '10.47.3.71'
2026-02-09 00:26:19 [715] __fnbamd_tac_plus_get_next_addr-Next available address of TAC+ '10.47.3.71': 10.47.3.71:49.
2026-02-09 00:26:19 [914] __auth_ctx_start-Connection starts 10.47.3.71:10.47.3.71, addr 10.47.3.71:49 proto: TCP
2026-02-09 00:26:19 [299] __tac_plus_tcps_open-vfid 0, addr 10.47.3.71, src_ip , use_ha_relay 0
2026-02-09 00:26:19 [1175] fnbamd_socket_update_interface-vfid is 0, intf mode is 0, intf name is , server address is 10.47.3.71:49, source address is null, protocol number is 6, oif id is 0
2026-02-09 00:26:19 [337] __tac_plus_tcps_open-oif=0, intf_sel.mode=0, intf_sel.name=
2026-02-09 00:26:19 [372] __tac_plus_tcps_open-Still connecting 10.47.3.71.
2026-02-09 00:26:19 [390] __tac_plus_tcps_open-Start TAC+ conn timer.
2026-02-09 00:26:19 [730] __tac_plus_start_conn-Socket 11 is created for TAC+ '10.47.3.71'.
2026-02-09 00:26:19 [599] __tac_plus_add_job_timer-
2026-02-09 00:26:19 [439] fnbamd_cfg_get_pop3_list-
2026-02-09 00:26:19 [417] __fnbamd_cfg_get_pop3_list_by_group-
2026-02-09 00:26:19 [449] fnbamd_cfg_get_pop3_list-Total pop3 servers to try: 0
2026-02-09 00:26:19 [437] start_remote_auth-Total 1 server(s) to try
2026-02-09 00:26:19 [1917] handle_req-r=4
2026-02-09 00:26:20 [516] __tac_plus_conn_timeout-Connction with 10.47.3.71:10.47.3.71 timed out.
2026-02-09 00:26:20 [825] __tac_plus_error-Ret 10, st = 0.
2026-02-09 00:26:20 [94] fnbamd_tac_plus_get_next_authen_type-Next authen type pap
2026-02-09 00:26:20 [848] __tac_plus_error-Conn failed.
2026-02-09 00:26:20 [665] fnbamd_cfg_tac_plus_update_reachability-10.47.3.71, conn_fails 1/5
2026-02-09 00:26:20 [855] __tac_plus_error-
2026-02-09 00:26:20 [400] __tac_plus_tcps_close-closed.
2026-02-09 00:26:20 [749] __tac_plus_conn_stop-Stop TAC+ conn timer.
2026-02-09 00:26:20 [787] __tac_plus_try_next_addr-No more addr to try.
2026-02-09 00:26:20 [864] __tac_plus_error-
2026-02-09 00:26:20 [802] __tac_plus_try_next_server-
2026-02-09 00:26:20 [754] __tac_plus_stop-
2026-02-09 00:26:20 [749] __tac_plus_conn_stop-Stop TAC+ conn timer.
2026-02-09 00:26:20 [589] __tac_plus_del_job_timer-
2026-02-09 00:26:20 [629] fnbamd_tac_plus_get_auth_server-
2026-02-09 00:26:20 [27] __tac_plus_server_free-Freeing 10.47.3.71, ref:2
2026-02-09 00:26:20 [808] __tac_plus_try_next_server-No more server to try.
2026-02-09 00:26:20 [871] __tac_plus_error-
2026-02-09 00:26:20 [749] __tac_plus_conn_stop-Stop TAC+ conn timer.
2026-02-09 00:26:20 [1065] fnbamd_tac_plus_result-
2026-02-09 00:26:20 [625] fnbamd_tac_plus_process-Result for TAC+ svr '10.47.3.71' is 10
2026-02-09 00:26:20 [1084] fnbamd_tac_plus_result-res=10
2026-02-09 00:26:20 [1148] fnbamd_tac_plus_result-Error (10) for req 15629547233283
2026-02-09 00:26:20 [239] fnbamd_comm_send_result-Sending result 10 (nid 0) for req 15629547233283, len=2592
2026-02-09 00:26:20 [603] destroy_auth_session-delete session 15629547233283
2026-02-09 00:26:20 [1028] fnbamd_tac_plus_stop-
2026-02-09 00:26:20 [754] __tac_plus_stop-
2026-02-09 00:26:20 [749] __tac_plus_conn_stop-Stop TAC+ conn timer.
2026-02-09 00:26:20 [1447] fnbamd_rads_destroy-
2026-02-09 00:26:20 [1874] fnbamd_ldaps_destroy-
2026-02-09 00:26:20 [1046] fnbamd_tacs_destroy-
2026-02-09 00:26:20 [268] fnbamd_tac_plus_auth_ctx_free-Freeing '10.47.3.71' ctx
2026-02-09 00:26:20 [991] fnbamd_tac_plus_auth_ctx_uninit-
2026-02-09 00:26:20 [754] __tac_plus_stop-
2026-02-09 00:26:20 [749] __tac_plus_conn_stop-Stop TAC+ conn timer.
2026-02-09 00:26:20 [145] fnbamd_tac_plus_free-Freeing 10.47.3.71, ref:1
2026-02-09 00:26:20 [27] __tac_plus_server_free-Freeing 10.47.3.71, ref:1
2026-02-09 00:26:20 [150] fnbamd_tac_plus_free-Freed
2026-02-09 00:26:20 [271] fnbamd_tac_plus_auth_ctx_free-
2026-02-09 00:26:20 [1049] fnbamd_tacs_destroy-
2026-02-09 00:26:20 [910] fnbamd_pop3s_destroy-
2026-02-09 00:26:20 [1078] fnbamd_ext_idps_destroy