dkoprusak
Staff
September 27, 2024

Troubleshooting Tip: ADOM upgrade fails with error 'Fail(errno=-2):Invalid FQDN'

Description

This article describes how to get more information about the error 'Fail(errno=-2):Invalid FQDN', which can be encountered during an ADOM upgrade, and provides the solution for a successful ADOM upgrade when this issue occurs.

Scope

FortiManager, ADOM upgrade.

Solution

To get more information on what causes the error, use the diagnostics outlined in:

Troubleshooting Tip: ADOM upgrade fails with error 'Fail(errno=-2):Direction of member(s) must eithe....

Afterwards, trigger the ADOM upgrade to generate the error and check the generated output.

It should be similar to the following:

copy dynamic_mapping.(null)(soid=<ID>) to dparent=<ID>,
--> commit copy dynamic_mapping.(null)(soid=<ID>) to dparent=<ID>, fail: err=-2,Invalid FQDN
======= Dump sentry and dentry======
<ID> ---> <ID>
associated-interface: any ---> any
subnet: 0.0.0.0 0.0.0.0 ---> 0.0.0.0 0.0.0.0
type: fqdn ---> fqdn
sub-type: sdn ---> sdn
start-ip: 0.0.0.0 ---> 0.0.0.0
end-ip: 0.0.0.0 ---> 0.0.0.0
wildcard: 0.0.0.0 0.0.0.0 ---> 0.0.0.0 0.0.0.0
cache-ttl: 0 ---> 0
color: 0 ---> 0
uuid: <UUID> ---> <UUID>
allow-routing: disable ---> disable
start-mac: 00:00:00:00:00:00 --->
end-mac: 00:00:00:00:00:00 --->
sdn-addr-type: private ---> private
clearpass-spt: unknown ---> unknown
global-object: 0 --->
obj-type: ip ---> ip
fabric-object: disable ---> disable
===================================
copy dynamic_mapping.(null)(soid=<ID>) to dparent=<ID>, :fail.

As a next step, list all dynamic objects for each device in the ADOM:

diagnose dvm device dynobj <device>

Once the list is complete, search it for the UUID identified in the previous output. The issue will be located in a configuration similar to:

config firewall address
    edit <address object name where the issue is>
        config dynamic_mapping
            edit "<device>"-"<VDOM>"
                set associated-interface "any"
                set type fqdn
                set uuid <UUID>
            next
        end

To correct the issue and perform a successful ADOM upgrade:

  1. Remove the identified references from the objects: go to Policy & Objects -> Object Configurations -> Firewall Objects -> Addresses -> <address object name where the issue is> -> Per-Device Mapping, select the identified dynamic mapping, and select Delete.
  2. (Optional) Using the faulty mapping as a reference, identify other objects with the same configuration and delete these references as well.
  3. The upgrade should succeed. If there are more failures, use the above procedure to identify and correct the rest.
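
The lookup described above (take the UUID from the failed commit dump, then find the per-device mapping that carries it) can be scripted over saved CLI output when an ADOM holds many devices. This is an added example, not Fortinet code: the function names and sample text are constructed, and it assumes the saved dynobj output uses the nested config layout shown in this article, with each edit block closed by next.

```python
# Constructed sample text in the formats shown in this article (not real device output).
DEBUG_LOG = """\
copy dynamic_mapping.(null)(soid=1001) to dparent=2002,
--> commit copy dynamic_mapping.(null)(soid=1001) to dparent=2002, fail: err=-2,Invalid FQDN
======= Dump sentry and dentry======
uuid: 11111111-2222-3333-4444-555555555555 ---> 11111111-2222-3333-4444-555555555555
"""
DYNOBJ = """\
config firewall address
    edit "addr-ok"
        config dynamic_mapping
            edit "fgt-a"-"root"
                set uuid aaaaaaaa-0000-0000-0000-000000000002
            next
        end
    next
    edit "addr-bad"
        config dynamic_mapping
            edit "fgt-a"-"root"
                set type fqdn
                set uuid 11111111-2222-3333-4444-555555555555
            next
        end
    next
end
"""

def failed_uuids(debug_text, error="Invalid FQDN"):
    """UUIDs from the dump that follows each commit failure carrying `error`."""
    uuids, in_dump = [], False
    for line in debug_text.splitlines():
        if "fail: err=" in line:
            in_dump = error in line  # only dumps that follow the matching failure
        elif in_dump and line.startswith("uuid:"):
            uuids.append(line.split(":", 1)[1].split("--->")[0].strip())
            in_dump = False
    return list(dict.fromkeys(uuids))  # de-duplicate, keep first-seen order

def find_mappings(dynobj_text, uuids):
    """(address object, device-VDOM mapping, uuid) for each mapping with a listed uuid."""
    hits, stack = [], []  # names of the currently open `edit` blocks
    for line in map(str.strip, dynobj_text.splitlines()):
        if line.startswith("edit "):
            stack.append(line[5:].strip())
        elif line == "next" and stack:
            stack.pop()
        elif line.startswith("set uuid ") and len(stack) == 2 and line.split()[2] in uuids:
            hits.append((stack[0].strip('"'), stack[1], line.split()[2]))
    return hits
```

Only uuid lines nested two edit levels deep (object, then per-device mapping) are matched, so an address object's own uuid is never reported as a mapping.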

Related articles:

Technical Tip: How to upgrade an ADOM on FortiManager

Troubleshooting Tip: ADOM upgrade fails with error 'Fail(errno=-2):Direction of member(s) must either be both or the same direction as the group'

Troubleshooting Tip: ADOM upgrade fails with error 'Fail(errno=-2):Do not support urlfilter-table for global scope webfilter profile'