Staff

Troubleshooting Tip: Authentication Fails with '40105 Bad Request Timestamp' error with Cisco Duo

Forum|Forum|2 months ago
March 31, 2026
0 replies
88 views

Description

This article describes how to resolve the 'Bad request timestamp' (Error code: 40105) issue observed during authentication with Cisco Duo, which is caused by time synchronization failure.

Scope

FortiSIEM.

Solution

Symptoms.

Authentication requests fail with the following error:

"failed (Invalid Authentication: {"code": 40105, "message": "Bad request timestamp", "stat": "FAIL"}Invalid Authentication: {"code": 40105, "message": "Bad request timestamp", "stat": "FAIL"}Invalid Authentication: {"code": 40105, "message": "Bad request timestamp", "stat": "FAIL"})"

Leap status shows 'Not synchronized'.
NTP sources are unreachable:

Reach = 0
LastRx = 0
Last sample = 0

The issue occurs when the Collector system time is not synchronized due to a failure in communicating with configured NTP servers. This leads to a timestamp mismatch, causing Cisco Duo authentication requests to be rejected.

Troubleshooting steps:

Modify the chrony.conf:

sudo vi /etc/chrony.conf

Add a reachable NTP server. Example:

time.google.com iburst

Restart the Chrony service:

sudo systemctl restart chronyd.service

Verify service status:

systemctl status chronyd.service

Confirm synchronization:

chronyc sources -v
chronyc tracking

Ensuring proper NTP synchronization on the FortiSIEM Collector should resolve timestamp-related authentication failures with Cisco Duo.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded