Skip to main content
edoutreleau
edoutreleau
New Member
June 3, 2020
Question

FortiToken clock drift detected (code: 086447).

  • June 3, 2020
  • 2 replies
  • 8485 views

Hi

when i want to use my hard fortitoken 200 to acces my vpn i got the following message

 

 FortiToken clock drift detected (code: 086447). Please input the next code and continue

 

but when i go to my fortigate and i type 

diag fortitoken info |

 

i got 

FTKxxxxxxxxxx 0 active 

 

how can i adjust the clock of my fortitoken 200? 

    2 replies

    live89
    live89
    Explorer III
    June 3, 2020

    Have you tried this KB:

    https://kb.fortinet.com/kb/documentLink.do?externalID=FD46341

     

    As far as I know it should show provisioned state ...

    edoutreleau
    edoutreleauAuthor
    New Member
    June 3, 2020

    Hi

    I have already see this KB but i really don't know what i should do with that.

    There s nothing i can do if i have fortitoken200 with a fortigate.

     

    the only sync command available are fro fortiauthenticator or fortitoken mobile 

    live89
    live89
    Explorer III
    June 4, 2020

    Is this new implementation or it has worked before and suddenly stopped working?

    Also have you tried to re-activate the fortitoken?

    xsilver_FTNT
    Staff
    xsilver_FTNT
    Staff
    June 4, 2020

    @ac89live  idea is the same, but FTK200 is HARDWARE and not MOBILE token and therefore do have a little bit different statuses.

     

    However to original post ..  1. drift is difference between clock inside token (device, for mobile, or hw clock in hardware models like 200-211-220)

    2. FortiGate/FortiAuthenticator should have system time synced by NTP

    3. regardless of NTP sync a clock in token can get out of auto-correction window and so message requesting two consecutive codes for manual sync is shown. That might also happen during first/initial deployment, and so I'd suggest/recommend to admin to sync tokens before handing them over to users

     

    How-to:

    # execute fortitoken sync <tokenId=SN> <code1> <code2> - where code1 and code2 have to be consecutive token codes, one after another, so in 60 sec interval (default for HW tokens)

     

    Numbers in DRIFT column on GUI or in 'diag fortitoken info' show how many cycles is token's clock ahead or behind system clock in FGT/FAC.

    Terms & ConditionsAccessibility statement