Troubleshooting Tip: The product serial number has already been registered - FortiManager/FortiAnalyzer

Troubleshooting:

This issue arises when the FortiManager/FortiAnalyzer is already registered on the FortiCare Support Portal but is not able to reach the FortiGuard servers to verify the registration information.

1. Check if FortiManager/FortiAnalyzer is connected to the internet to communicate with the FortiGuard server.
   Access FMG via SSH/console and try:

exe ping usfds1.fortinet.com

2. Check if the FortiManager/FortiAnalyzer is getting the FortiGuard server's IP address:

diagnose fmupdate view-serverlist fds

3. Check the FDS logs:

dia fmupdate view-linkd-log fds

Logs for an FDS connection error:

Resolution:

4. Make sure to allow port 443 communication to the following domains:
   • usforticlient.fortinet.net
   • forticlient.fortinet.net
   • usfds1.fortinet.com
   • fds1.fortinet.com
     • OR a wildcard FQDN *.fortinet.com and *.fortinet.net
     • OR use the Internet Services object 'Fortinet-FortiGuard' on the edge FortiGate. See Technical Tip: How to get FortiGuard server IP and connect port.
       
       
5. Restart the FDS service from the FortiManager/FortiAnalyzer CLI

diagnose fmupdate service-restart fds

6. Check the FortiGuard server's IP address again. It should show multiple IP addresses:

diagnose fmupdate view-serverlist fds

7. Check the FDS logs again. This time the communication should be successful:

dia fmupdate view-linkd-log fds

8. Try logging into FortiManager/FortiAnalyzer again. Registration should not be requested this time:

NOTE: This is also useful in cases where a license is added/renewed for FortiManager/FortiAnalyzer but is not reflected on the device due to a FortiGuard communication error.

Related articles:

• Technical Tip: Verifying FortiGuard connectivity on FortiManager.
• Technical Tip: How to get FortiGuard server IP and connect port.
• Troubleshooting Tip: Resolving a FortiCare and SSO pop-up error with FortiManager registration.