Troubleshooting Tip: FortiToken error message 'token does not belong to product' or 'no valid token found'

This article describes that FortiToken is used as a two-factor authentication on FortiGate. To use the FortiToken on FortiGate, it is necessary to note:

• When the FortiToken mobile license is activated, the license should be registered under the Master FortiGate serial number in case of HA cluster.
•  If the FortiToken mobile license is registered under the slave unit, the license will not be activated under the Master unit, therefore for initial activation, it is necessary to register the license under the Master serial number
• The FortiToken mobile license will not work when uploading a config file from one FortiGate to another FortiGate, in this case, at first the FortiToken mobile license should be registered under the FortiGate The Mobile FortiToken license is going to be activated again
• FortiToken Mobile license can be activated only if The FortiGate has a connection with the FortiGuard server

For instance, in the below FortiToken debugging output, the FortiToken FTKMOB947FDC1754 is not working since the license of this FortiToken has been registered under a different FortiGate serial number. Therefore, the error message 'token does not belong to product' appears:

FGT (vdom) # edit root
current vf=root:0
FGT (root) # di de dis
FGT (root) # di de reset
FGT (root) # di fortitoken debug enable
Debug messages will be on for 30 minutes.
FGT (root) # di de cons time en

FGT (root) # 2024-03-30 04:10:03 ftm_cfg_provision_token[417]:provision token: FTKMOB947FDC1754
2024-03-30 04:10:03 ftm_fc_provision_token[810]:Provision token:FTKMOB947FDC1754
2024-03-30 04:10:04 ftm_fc_comm_connect[66]:ftm TCPS connected.
2024-03-30 04:10:04 ftm_fc_comm_send_request[128]:send packet success.

POST /SoftToken/Provisioning.asmx/Process HTTP/1.1
Accept: application/json, text/javascript, */*, q=0.01
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 208.91.113.53:443
Content-Length: 405
Connection: Keep-Alive
Cache-Control: no-cache

{ "d": { "__type": "SoftToken.ProvisionRequest", "__version": "4", "__device_version": "7.0", "__device_build": "2573", "serial_number": "FG140E4Q17000494", "__clustered_sns": [ { "sn": "FG140E4Q17000494" }, { "sn": "FG140E4Q17000407" } ], "tokens": [ { "token": "FTKMOB947FDC1754", "seed": "A84E2CAAD3BCEA970E05DC1A9B7BD2D562622F4A", "code_expire": 4320, "type": "totp", "period": 60, "digits": 6 } ] } }

2024-03-30 04:10:04 ftm_fc_comm_recv_response[277]:receive packet success.

{"d":{"__type":"SoftToken.ProvisionResponse","__version":"4","serial_number":"FG140E4Q17000494","__device_version":"7.0","__device_build":"2573","__clustered_sns":[{"sn":"FG140E4Q17000407","error":"Product is not registered"},{"sn":"FG140E4Q17000494","error":null}],"tokens":[{"token":"FTKMOB947FDC1754", license":null,"token_activation_code":null,"qr_code":null,"code_expire":null,"error":{"error_code":31,"error_message":"token does not belong to product"}}],"result":0,"error":{"error_code":17,"error_message":"no valid token found"}}}