Could not connect to the FortiManager to retrieve its serial number.

Question

Hello, i created a Test-LAB with FortiManager v7.6.6 build3654 (Mature) VM Trial licensed and FortiGate v7.4.11 build2878 (Mature) VM Trial licensed. Now ill try to Join my Gate into my Manager and got the Error. I checked with the "Compatibility Tool" and it looks good for my Case. I use Windows 11 Pro with Hypedr V and booth VM Imgaes are HyperV from Download Center. The Screenshots are attached. Thanks for help. I tried a lot of proposed solutions FortiGate = 192.168.178.241FortiManager = 192.168.178.240  Log Spoiler (Highlight to read)ConnectedFMG-VM64-HV # diagnose debug application fgfmsd 255fgfmsd debug filter: disableFMG-VM64-HV # diagnose debug timestamp enableFMG-VM64-HV # diagnose debug enableFMG-VM64-HV # 2026-02-23 05:41:29 proxy_session.c,__session_frontend_accept,833: 192.168.178.241:1156 -> 192.168.178.240:541.2026-02-23 05:41:29 __use_cert,734: start idx = 02026-02-23 05:41:29 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:29 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=39, TLSv1.3 SSLv3/TLS write change cipher spec2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:29 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=41, TLSv1.3 TLSv1.3 write encrypted extensions2026-02-23 05:41:29 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:29 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortinet.com2026-02-23 05:41:29 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca2001/emailAddress=support@fortinet.com2026-02-23 05:41:29 Svr broadcast 4 CA subject names to peer2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=28, TLSv1.3 SSLv3/TLS write certificate request2026-02-23 05:41:29 The CA of No.1 local cert:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:29 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 CA issuer matched, local=remote=/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 Find cert idx=0, peer_ca = 42026-02-23 05:41:29 __use_cert,734: start idx = 02026-02-23 05:41:29 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:29 Use cert idx=0 by peer_ca = 42026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=25, TLSv1.3 SSLv3/TLS write certificate2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=44, TLSv1.3 TLSv1.3 write server certificate verify2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=40, TLSv1.3 SSLv3/TLS write finished2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:29 TLSv1.3 write fatal alert: unknown2026-02-23 05:41:29 fw_proto_ssl.c,1151: TLSv1.3 error2026-02-23 05:41:29 fw_proto_ssl.c,__get_error,1731, err=167772359, error:0A0000C7:SSL routines::peer did not return a certificate.2026-02-23 05:41:29 fw_proto_ssl.c,__get_error,1745, ret=-4, error=1, errno=0,Success.2026-02-23 05:41:29 proxy_session.c,__negotiate,231: frontend accept error.2026-02-23 05:41:29 proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c7295c.2026-02-23 05:41:41 proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c7295c.proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c728ec.2026-02-23 05:41:41 __use_cert,734: start idx = 02026-02-23 05:41:41 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:41 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=39, TLSv1.3 SSLv3/TLS write change cipher spec2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:41 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=41, TLSv1.3 TLSv1.3 write encrypted extensions2026-02-23 05:41:41 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:41 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortinet.com2026-02-23 05:41:41 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca2001/emailAddress=support@fortinet.com2026-02-23 05:41:41 Svr broadcast 4 CA subject names to peer2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=28, TLSv1.3 SSLv3/TLS write certificate request2026-02-23 05:41:41 The CA of No.1 local cert:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:41 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 CA issuer matched, local=remote=/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 Find cert idx=0, peer_ca = 42026-02-23 05:41:41 __use_cert,734: start idx = 02026-02-23 05:41:41 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:41 Use cert idx=0 by peer_ca = 42026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=25, TLSv1.3 SSLv3/TLS write certificate2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=44, TLSv1.3 TLSv1.3 write server certificate verify2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=40, TLSv1.3 SSLv3/TLS write finished2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:41 TLSv1.3 write fatal alert: unknown2026-02-23 05:41:41 fw_proto_ssl.c,1151: TLSv1.3 error2026-02-23 05:41:41 fw_proto_ssl.c,__get_error,1731, err=167772359, error:0A0000C7:SSL routines::peer did not return a certificate.2026-02-23 05:41:41 fw_proto_ssl.c,__get_error,1745, ret=-4, error=1, errno=0,Success.2026-02-23 05:41:41 proxy_session.c,__negotiate,231: frontend accept error.2026-02-23 05:41:41 proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c8fa0c.2026-02-23 05:41:45 proxy_session.c,__session_frontend_accept,833: 192.168.178.241:1160 -> 192.168.178.240:541.2026-02-23 05:41:45 __use_cert,734: start idx = 02026-02-23 05:41:45 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:45 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=39, TLSv1.3 SSLv3/TLS write change cipher spec2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:45 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=41, TLSv1.3 TLSv1.3 write encrypted extensions2026-02-23 05:41:45 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:45 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortinet.com2026-02-23 05:41:45 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca2001/emailAddress=support@fortinet.com2026-02-23 05:41:45 Svr broadcast 4 CA subject names to peer2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=28, TLSv1.3 SSLv3/TLS write certificate request2026-02-23 05:41:45 The CA of No.1 local cert:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:45 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 CA issuer matched, local=remote=/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 Find cert idx=0, peer_ca = 42026-02-23 05:41:45 __use_cert,734: start idx = 02026-02-23 05:41:45 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:45 Use cert idx=0 by peer_ca = 42026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=25, TLSv1.3 SSLv3/TLS write certificate2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=44, TLSv1.3 TLSv1.3 write server certificate verify2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=40, TLSv1.3 SSLv3/TLS write finished2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:45 TLSv1.3 write fatal alert: unknown2026-02-23 05:41:45 fw_proto_ssl.c,1151: TLSv1.3 error2026-02-23 05:41:45 fw_proto_ssl.c,__get_error,1731, err=167772359, error:0A0000C7:SSL routines::peer did not return a certificate.2026-02-23 05:41:45 fw_proto_ssl.c,__get_error,1745, ret=-4, error=1, errno=0,Success.2026-02-23 05:41:45 proxy_session.c,__negotiate,231: frontend accept error.2026-02-23 05:41:45 proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c7295c.diagnose debug disableConnectedFMG-VM64-HV # diagnose debug application fgfmsd 255fgfmsd debug filter: disableFMG-VM64-HV # diagnose debug timestamp enableFMG-VM64-HV # diagnose debug enableFMG-VM64-HV # 2026-02-23 05:41:29 proxy_session.c,__session_frontend_accept,833: 192.168.178.241:1156 -> 192.168.178.240:541.2026-02-23 05:41:29 __use_cert,734: start idx = 02026-02-23 05:41:29 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:29 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=39, TLSv1.3 SSLv3/TLS write change cipher spec2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:29 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=41, TLSv1.3 TLSv1.3 write encrypted extensions2026-02-23 05:41:29 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:29 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortinet.com2026-02-23 05:41:29 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca2001/emailAddress=support@fortinet.com2026-02-23 05:41:29 Svr broadcast 4 CA subject names to peer2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=28, TLSv1.3 SSLv3/TLS write certificate request2026-02-23 05:41:29 The CA of No.1 local cert:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:29 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 CA issuer matched, local=remote=/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 Find cert idx=0, peer_ca = 42026-02-23 05:41:29 __use_cert,734: start idx = 02026-02-23 05:41:29 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:29 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:29 Use cert idx=0 by peer_ca = 42026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=25, TLSv1.3 SSLv3/TLS write certificate2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=44, TLSv1.3 TLSv1.3 write server certificate verify2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=40, TLSv1.3 SSLv3/TLS write finished2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:29 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:29 TLSv1.3 write fatal alert: unknown2026-02-23 05:41:29 fw_proto_ssl.c,1151: TLSv1.3 error2026-02-23 05:41:29 fw_proto_ssl.c,__get_error,1731, err=167772359, error:0A0000C7:SSL routines::peer did not return a certificate.2026-02-23 05:41:29 fw_proto_ssl.c,__get_error,1745, ret=-4, error=1, errno=0,Success.2026-02-23 05:41:29 proxy_session.c,__negotiate,231: frontend accept error.2026-02-23 05:41:29 proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c7295c.2026-02-23 05:41:41 proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c7295c.proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c728ec.2026-02-23 05:41:41 __use_cert,734: start idx = 02026-02-23 05:41:41 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:41 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=39, TLSv1.3 SSLv3/TLS write change cipher spec2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:41 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=41, TLSv1.3 TLSv1.3 write encrypted extensions2026-02-23 05:41:41 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:41 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortinet.com2026-02-23 05:41:41 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca2001/emailAddress=support@fortinet.com2026-02-23 05:41:41 Svr broadcast 4 CA subject names to peer2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=28, TLSv1.3 SSLv3/TLS write certificate request2026-02-23 05:41:41 The CA of No.1 local cert:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:41 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 CA issuer matched, local=remote=/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 Find cert idx=0, peer_ca = 42026-02-23 05:41:41 __use_cert,734: start idx = 02026-02-23 05:41:41 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:41 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:41 Use cert idx=0 by peer_ca = 42026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=25, TLSv1.3 SSLv3/TLS write certificate2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=44, TLSv1.3 TLSv1.3 write server certificate verify2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=40, TLSv1.3 SSLv3/TLS write finished2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:41 __info_callback,1118, pid=1582: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:41 TLSv1.3 write fatal alert: unknown2026-02-23 05:41:41 fw_proto_ssl.c,1151: TLSv1.3 error2026-02-23 05:41:41 fw_proto_ssl.c,__get_error,1731, err=167772359, error:0A0000C7:SSL routines::peer did not return a certificate.2026-02-23 05:41:41 fw_proto_ssl.c,__get_error,1745, ret=-4, error=1, errno=0,Success.2026-02-23 05:41:41 proxy_session.c,__negotiate,231: frontend accept error.2026-02-23 05:41:41 proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c8fa0c.2026-02-23 05:41:45 proxy_session.c,__session_frontend_accept,833: 192.168.178.241:1160 -> 192.168.178.240:541.2026-02-23 05:41:45 __use_cert,734: start idx = 02026-02-23 05:41:45 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=0, TLSv1.3 before SSL initialization2026-02-23 05:41:45 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=39, TLSv1.3 SSLv3/TLS write change cipher spec2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:45 Got client SNI information : sni=support.fortinet-ca2.fortinet.com2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=22, TLSv1.3 SSLv3/TLS read client hello2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=24, TLSv1.3 SSLv3/TLS write server hello2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=41, TLSv1.3 TLSv1.3 write encrypted extensions2026-02-23 05:41:45 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:45 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortinet.com2026-02-23 05:41:45 CA to broadcast: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca2001/emailAddress=support@fortinet.com2026-02-23 05:41:45 Svr broadcast 4 CA subject names to peer2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=28, TLSv1.3 SSLv3/TLS write certificate request2026-02-23 05:41:45 The CA of No.1 local cert:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca20032026-02-23 05:41:45 Remote CA: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 CA issuer matched, local=remote=/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 Find cert idx=0, peer_ca = 42026-02-23 05:41:45 __use_cert,734: start idx = 02026-02-23 05:41:45 use certificate issuer = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com2026-02-23 05:41:45 subject = /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiManager/CN=FMG-VMTM26002577/emailAddress=support@fortinet.com2026-02-23 05:41:45 Use cert idx=0 by peer_ca = 42026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=25, TLSv1.3 SSLv3/TLS write certificate2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=44, TLSv1.3 TLSv1.3 write server certificate verify2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=40, TLSv1.3 SSLv3/TLS write finished2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:45 __info_callback,1118, pid=1579: role=svr,state=50, TLSv1.3 TLSv1.3 early data2026-02-23 05:41:45 TLSv1.3 write fatal alert: unknown2026-02-23 05:41:45 fw_proto_ssl.c,1151: TLSv1.3 error2026-02-23 05:41:45 fw_proto_ssl.c,__get_error,1731, err=167772359, error:0A0000C7:SSL routines::peer did not return a certificate.2026-02-23 05:41:45 fw_proto_ssl.c,__get_error,1745, ret=-4, error=1, errno=0,Success.2026-02-23 05:41:45 proxy_session.c,__negotiate,231: frontend accept error.2026-02-23 05:41:45 proxy_session.c,__proxy_session_cleanup, 120:cnt=0, session=0x55d614c7295c.diagnose debug disable

X-Ray1337 · Accepted Answer

Hi, thank you but i tried a lot of combinations.

Problem is the SN in FortiGate Certifiacte

Solution = Downgrade to FortiManager 7.6.1

config sys global

set fgfm-peercert-withoutsn enable (Option was after 7.6.1 deleted)

sw2090 · Answer

I see you have the "set local-cert" and "set enc-algorithm" options activated.

You log states some trouble with TLS v1.3. You could try to "unset" those and see if it works then.

Also I had cases where FGFM Protoco failed because the FGT was not able to select the correct interface to use. In those cases the option "set fmg-source-ip" always helped.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded