Goran_Blomquist
New Member
September 30, 2024
Question

Unable to provision token: Unknown error after upgrade


I get the error "unable to provision token" when adding a Mobile token to a new user.

I can reach fqdn fortitokenmobile.fortinet.com and there is no intercept related to SSL (FortiGate).

 

Also get:

FTM provision error: problem with SSL comm layer: failed to recv response header: SSL communication layer error

There are more than 200 available mobile tokens and all already provisioned tokens work.

All worked before the upgrade to 6.2.2.

Best regards

//Goran

1 reply

rbraha
Staff
September 30, 2024

Hi @Goran_Blomquist
Where are these tokens set, on FGT or in FortiAuthenticator?
If they are on FAC, make sure that you are not using any proxy server configured under Administration - FortiGuard - FortiGuard Proxy Server. Also make sure that the EFTM license for these tokens is added on support.fortinet.com under this FAC SN.

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-FortiAuthenticator-VM-Unable-to-provision-token/ta-p/189578

 

Goran_Blomquist
New Member
September 30, 2024

Thank you for the reply

 

Where are these tokens set on FGT or in FortiAuthenticator?

FortiAuthenticator

No FortiGuard Proxy Server configured. Yes... EFTM are valid if I understand it right. It is a very old config and there's no time limit on FortiTokens if I understand it right.

Regards

Goran

rbraha
Staff
October 1, 2024

Hi,
On the support.fortinet.com portal you can see to which FAC SN the EFTM license that you have configured on FAC is mapped. Under User Management - FortiTokens, one of the columns, FTM license, will show this EFTM SN; just compare whether it is the same one mapped to this FAC SN on support.fortinet.com.
Additionally, make sure you have configured, under System Access, the Public IP/FQDN for FortiToken Mobile of the FAC, and under Network - Interface, edit port1 and check whether the FortiToken Mobile API is enabled. On the firewall side, please check whether firewall policies allow traffic for FAC in both directions (incoming/outgoing) and whether any security profile prevents communication with the FGD server.