Technical Tip: FortiNAC unable to communicate with FortiClient EMS

Description

This article describes how to address communication issues between FortiClient EMS and FortiNAC.
 

Scope

FortiNAC and FortiClient EMS.

Solution

1. There are some cases where FortiNAC cannot communicate with FortiClient EMS.
   This can happen if the Root certificate that signs the EMS certificate is not imported to FortiNAC.

2. If FortiNAC port1 IP is not added to the Trusted Hosts list under Administration -> Administrators pane configured on FortiClient EMS, this will prevent FortiNAC from communicating with FortiClient EMS and will result in the following error in the output.master:
   
   

2026-04-21 12:16:08.477 +0200 [https-jsse-nio-192.168.0.1-8443-exec-31] DEBUG yams.FortinetEMSServer - message = Your host is not trusted. Please log in via a trusted host.

2026-04-21 12:16:08.478 +0200 [https-jsse-nio-192.168.0.1-8443-exec-31] DEBUG yams.FortinetEMSServer - auth response is null, authentication likely failed

2026-04-21 12:16:08.478 +0200 [https-jsse-nio-192.168.0.1-8443-exec-31] DEBUG yams.FortinetEMSServer - testConnection() retval = Failed to read Fortinet EMS device : authentication failed.

Related article:

Technical Tip: Integration between FortiClient EMS and FortiNAC