Troubleshooting Tip: Unable to add CA server in FortiNAC manager

Description

This article describes how to solve an issue with FortiNAC Manager, which is failing to add a CA server.

Scope

FortiNAC Manager.

FortiNAC.

Solution

The CA server got a new license, and the synchronization with Manager started to fail with the error:

Sync Initiated with server: x.x.x.x by Admin, root, and the status is sync with error: PERMISSION_DENIED: Invalid SN.

Deleting the device from the Manager and trying to add it again gives the error 'Failed to add CA'. There might be a database conflict or cached content.

In this scenario, the first thing to do is to verify the database for any stale entries or wrong information. From CLI, the database table by executing:

execute db-shell
MariaDB [bsc]> select * from node_info;

The table will look like the following:

Verify the allowed Serial Numbers list using the following command:

# execute enter-shell
$ cat /bsc/campusMgr/config/.allowedSN

Information to verify:

• SN of the device.

• IP address.

• Hostname.

• There can be conflicting information. For example, the database might have another entry with the same IP or the same serial number.

If issues are still encountered, raise a Support ticket via Support and provide the following information:

• Output from the table above: 'select * from node_info;'.

• Collect the log-snapshot from FortiNAC Manager and CA by following this article:
  Technical Tip: How to get a debug log report from FortiNAC-CA or FortiNAC-Manager.

Related document:

CA Management