anoushiravan
Article Id 308115
Description

This article describes what is required for a FortiToken Mobile license to activate on a FortiGate used for two-factor authentication, and explains the 'token does not belong to product' error seen when the license is registered under a different serial number. Before activating a FortiToken Mobile license on a FortiGate, note the following:

 

  • In an HA cluster, the FortiToken Mobile license must be registered under the serial number of the primary (Master) FortiGate before it is activated.
  • If the license is registered under the secondary (slave) unit, activation on the primary unit fails. For the initial activation the license has to be registered under the primary unit's serial number.
  • A FortiToken Mobile license does not follow a configuration file. When a configuration is restored from one FortiGate to another, the license must first be registered under the new FortiGate's serial number, and the FortiToken Mobile license then has to be activated again on that unit.
  • A FortiToken Mobile license can only be activated while the FortiGate can reach the FortiGuard servers, because the provisioning request is sent to FortiGuard.

 

For instance, in the FortiToken debug output below, the token FTKMOB947FDC1754 cannot be provisioned because its license is registered under a FortiGate serial number other than FG140E4Q17000494, the unit that sends the request. FortiGuard rejects the token with error code 31, 'token does not belong to product', and the whole request with error code 17, 'no valid token found'. The response also shows that the second cluster member, FG140E4Q17000407, is reported as 'Product is not registered'. Note that the ProvisionRequest printed by the debug contains the token seed (the TOTP shared secret) in cleartext; redact it before pasting debug output into a ticket or a forum post.

 

FGT (vdom) # edit root
current vf=root:0
FGT (root) # diagnose debug disable
FGT (root) # diagnose debug reset
FGT (root) # diagnose fortitoken debug enable
Debug messages will be on for 30 minutes.
FGT (root) # diagnose debug console timestamp enable

FGT (root) # 2024-03-30 04:10:03 ftm_cfg_provision_token[417]:provision token: FTKMOB947FDC1754
2024-03-30 04:10:03 ftm_fc_provision_token[810]:Provision token:FTKMOB947FDC1754
2024-03-30 04:10:04 ftm_fc_comm_connect[66]:ftm TCPS connected.
2024-03-30 04:10:04 ftm_fc_comm_send_request[128]:send packet success.

POST /SoftToken/Provisioning.asmx/Process HTTP/1.1
Accept: application/json, text/javascript, */*, q=0.01
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 208.91.113.53:443
Content-Length: 405
Connection: Keep-Alive
Cache-Control: no-cache

{ "d": { "__type": "SoftToken.ProvisionRequest", "__version": "4", "__device_version": "7.0", "__device_build": "2573", "serial_number": "FG140E4Q17000494", "__clustered_sns": [ { "sn": "FG140E4Q17000494" }, { "sn": "FG140E4Q17000407" } ], "tokens": [ { "token": "FTKMOB947FDC1754", "seed": "A84E2CAAD3BCEA970E05DC1A9B7BD2D562622F4A", "code_expire": 4320, "type": "totp", "period": 60, "digits": 6 } ] } }

2024-03-30 04:10:04 ftm_fc_comm_recv_response[277]:receive packet success.

{"d":{"__type":"SoftToken.ProvisionResponse","__version":"4","serial_number":"FG140E4Q17000494","__device_version":"7.0","__device_build":"2573","__clustered_sns":[{"sn":"FG140E4Q17000407","error":"Product is not registered"},{"sn":"FG140E4Q17000494","error":null}],"tokens":[{"token":"FTKMOB947FDC1754","license":null,"token_activation_code":null,"qr_code":null,"code_expire":null,"error":{"error_code":31,"error_message":"token does not belong to product"}}],"result":0,"error":{"error_code":17,"error_message":"no valid token found"}}}
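The debug output above is the quickest place to see which serial number FortiGuard considers the owner of a token, but the two JSON messages are easy to misread by eye and the request carries the token seed. The following Python script is an added example, not part of the article or of FortiOS: it extracts the ProvisionRequest/ProvisionResponse JSON from a captured `diagnose fortitoken debug` session, redacts the seed so the capture can be shared, and turns the per-token and per-cluster-member errors into the actions the article prescribes. The sample capture is constructed from the output quoted above (same serial numbers, token ID and error codes); the seed in it is a placeholder.

```python
"""Explain a FortiToken Mobile provisioning failure from 'diagnose fortitoken debug' output.

Added example, not the article's or Fortinet's code. It parses the JSON the ftm
daemon prints, redacts the TOTP seed, and reports why FortiGuard refused each token.
"""
import json
import re
from typing import Dict, List, Optional

# Constructed sample built from the debug output quoted in the article.
# Serial numbers, token ID and error codes are the ones shown there; the seed
# is a placeholder so no real shared secret is embedded in this example.
SAMPLE_DEBUG = r'''2024-03-30 04:10:03 ftm_cfg_provision_token[417]:provision token: FTKMOB947FDC1754
2024-03-30 04:10:04 ftm_fc_comm_send_request[128]:send packet success.

POST /SoftToken/Provisioning.asmx/Process HTTP/1.1
Content-Type: application/json;charset=utf-8

{ "d": { "__type": "SoftToken.ProvisionRequest", "__version": "4", "serial_number": "FG140E4Q17000494", "__clustered_sns": [ { "sn": "FG140E4Q17000494" }, { "sn": "FG140E4Q17000407" } ], "tokens": [ { "token": "FTKMOB947FDC1754", "seed": "0000000000000000000000000000000000000000", "code_expire": 4320, "type": "totp", "period": 60, "digits": 6 } ] } }

2024-03-30 04:10:04 ftm_fc_comm_recv_response[277]:receive packet success.

{"d":{"__type":"SoftToken.ProvisionResponse","__version":"4","serial_number":"FG140E4Q17000494","__clustered_sns":[{"sn":"FG140E4Q17000407","error":"Product is not registered"},{"sn":"FG140E4Q17000494","error":null}],"tokens":[{"token":"FTKMOB947FDC1754","license":null,"token_activation_code":null,"qr_code":null,"code_expire":null,"error":{"error_code":31,"error_message":"token does not belong to product"}}],"result":0,"error":{"error_code":17,"error_message":"no valid token found"}}}
'''

# Error code 31 is the value FortiGuard returned in the article's capture.
ERR_TOKEN_NOT_OWNED = 31

SEED_RE = re.compile(r'("seed"\s*:\s*")[^"]*(")')


def redact_seeds(debug_text: str) -> str:
    """Blank the TOTP seed the daemon prints inside the ProvisionRequest."""
    return SEED_RE.sub(r'\1<redacted>\2', debug_text)


def extract_messages(debug_text: str) -> List[dict]:
    """Return the 'd' payload of every JSON message found in the debug output."""
    decoder = json.JSONDecoder()
    messages = []
    for line in debug_text.splitlines():
        line = line.strip()
        if not line.startswith('{'):
            continue  # timestamps, HTTP headers, prompts
        try:
            obj, _ = decoder.raw_decode(line)
        except json.JSONDecodeError:
            continue  # truncated or mangled line: skip rather than guess
        if isinstance(obj, dict) and isinstance(obj.get('d'), dict):
            messages.append(obj['d'])
    return messages


def analyze(debug_text: str) -> Optional[dict]:
    """Summarise the latest ProvisionResponse: cluster members and per-token errors."""
    responses = [m for m in extract_messages(debug_text)
                 if m.get('__type') == 'SoftToken.ProvisionResponse']
    if not responses:
        return None
    resp = responses[-1]
    cluster: Dict[str, Optional[str]] = {
        m['sn']: m.get('error') for m in resp.get('__clustered_sns', [])}
    tokens: Dict[str, Optional[dict]] = {
        t['token']: t.get('error') for t in resp.get('tokens', [])}
    return {'serial_number': resp.get('serial_number'),
            'cluster': cluster,
            'token_errors': tokens,
            'overall_error': resp.get('error')}


def diagnose(report: dict) -> List[str]:
    """Map the summary to the remediation the article describes."""
    findings = []
    for sn, err in report['cluster'].items():
        if err:
            findings.append(f'cluster member {sn}: {err}')
    for token, err in report['token_errors'].items():
        if not err:
            findings.append(f'{token}: provisioned OK')
        elif err.get('error_code') == ERR_TOKEN_NOT_OWNED:
            findings.append(
                f"{token}: license is registered under a serial number other than "
                f"{report['serial_number']}; have Customer Service transfer it to this "
                "unit (the primary unit's SN in an HA cluster), then activate it again")
        else:
            findings.append(
                f"{token}: error {err.get('error_code')}: {err.get('error_message')}")
    return findings


if __name__ == '__main__':
    shareable = redact_seeds(SAMPLE_DEBUG)   # what may be attached to a ticket
    for finding in diagnose(analyze(shareable)):
        print(finding)
```

Run it against a real capture by replacing `SAMPLE_DEBUG` with the pasted session; only the JSON lines are read, so prompts and timestamps can stay in place. Tokens with `error: null` in the response are the ones FortiGuard accepted, and any cluster member whose `error` is not null is a unit FortiGuard does not see as registered.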

 

The same error is also shown in the GUI when the token fails to activate.


Scope

FortiGate.
Solution

Open a ticket with the Customer Service team to transfer or register the FortiToken Mobile license under the serial number of the FortiGate on which it is to be activated (the primary unit's serial number in an HA cluster).

 

Once Customer Service has registered the FortiToken Mobile license under the correct FortiGate serial number, activate it on the FortiGate under User & Authentication -> FortiTokens -> Create New -> Mobile Token, enter the activation code from the license in the Activation Code field, and select 'OK'.

 

Read the links below for more information regarding the activation of the FortiToken Mobile license on FortiGate via GUI or CLI:
Technical Tip: Forti-Mobile token configuration in detail

Registering FortiToken Mobile

 

Note:

The same error can also appear in the debug output for the trial SoftTokens. In that case, delete the affected token and import it again.


 

To import the trial FortiTokens in the CLI, run the following command: 

 

execute fortitoken-mobile import 0000-0000-0000-0000-0000 

 

Note:

  • The activation code '0000-0000-0000-0000-0000' imports the trial tokens. For paid FortiTokens, enter the activation code from the license instead.
  • If the licenses are registered under the secondary FortiGate of an HA cluster, an alternative is to promote the secondary to primary. The active unit is then the one holding the registered licenses, so they can be activated and used.