FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
ocara
Staff
Article Id 358908
Description

This article provides a step-by-step guide on collecting logs from FortiToken Mobile, which are essential for troubleshooting issues related to FortiToken-Mobile manual tokens or push notifications not functioning properly.

Scope

FortiToken-Mobile / Android or iOS.

Solution

When issues with FortiToken-Mobile push notifications are reported, such as the push not arriving at the mobile device or arriving but failing to respond after tapping 'Approve' or 'Reject', collecting debug logs from the user device can be extremely helpful. Additionally, capturing some network packets on the mobile device may provide further clarity on the issue.

 

To collect debug logs from FortiToken-Mobile, open the application on a mobile device and tap the three dots located in the top-right corner, as shown in the image below.

 

1.jpg

 

Next, select Help → Contact Us.

 

From this menu, the logs can be exported via email or other communication platforms for further analysis.

 

Below is an example of what a successful push workflow should look like in the logs:

 

PushNotification Activity:

 

D VRI[PushNotificationActionActivity]: vri.reportNextDraw android.view.ViewRootImpl.performTraversals:4360 android.view.ViewRootImpl.doTraversal:2989 android.view.ViewRootImpl$TraversalRunnable.run:10304 android.view.Choreographer$CallbackRecord.run:1594 android.view.Choreographer$CallbackRecord.run:1603

D VRI[PushNotificationActionActivity]: vri.Setup new sync=wmsSync-VRI[PushNotificationActionActivity]#6

D OpenGLRenderer: makeCurrent grContext:0xb400007b0d6308e0 reset mTextureAvailable

D VRI[PushNotificationActionActivity]: vri.reportDrawFinished

W libc    : Access denied finding property "vendor.display.enable_optimal_refresh_rate"

W net.android.ftm: type=1400 audit(0.0:189089): avc:  denied  { read } for  name="u:object_r:vendor_display_prop:s0" dev="tmpfs" ino=13240 scontext=u:r:untrusted_app_32:s0:c75,c257,c512,c768 tcontext=u:object_r:vendor_display_prop:s0 tclass=file permissive=0 app=com.fortinet.android.ftm

E OpenGLRenderer: Unable to match the desired swap behavior.

D VRI[PushNotificationActionActivity]: vri.reportNextDraw android.view.ViewRootImpl.performTraversals:4360 android.view.ViewRootImpl.doTraversal:2989 android.view.ViewRootImpl$TraversalRunnable.run:10304 android.view.Choreographer$CallbackRecord.run:1594 android.view.Choreographer$CallbackRecord.run:1603

D VRI[PushNotificationActionActivity]: vri.Setup new sync=wmsSync-VRI[PushNotificationActionActivity]#8

D OpenGLRenderer: makeCurrent grContext:0xb400007b0d6308e0 reset mTextureAvailable

D VRI[PushNotificationActionActivity]: vri.reportDrawFinished

D VRI[PushNotificationActionActivity]: vri.reportNextDraw android.view.ViewRootImpl.handleResized:2297 android.view.ViewRootImpl.-$$Nest$mhandleResized:0 android.view.ViewRootImpl$ViewRootHandler.handleMessageImpl:6693 android.view.ViewRootImpl$ViewRootHandler.handleMessage:6662 android.os.Handler.dispatchMessage:106

D VRI[PushNotificationActionActivity]: vri.Setup new sync=wmsSync-VRI[PushNotificationActionActivity]#10

D VRI[PushNotificationActionActivity]: vri.reportDrawFinished

I HandWritingStubImpl: refreshLastKeyboardType: 1

 

PushNotification Validation:

 

D VRI[PushNotificationValidationActivity]: vri.reportNextDraw android.view.ViewRootImpl.performTraversals:4360 android.view.ViewRootImpl.doTraversal:2989 android.view.ViewRootImpl$TraversalRunnable.run:10304 android.view.Choreographer$CallbackRecord.run:1594 android.view.Choreographer$CallbackRecord.run:1603

D VRI[PushNotificationValidationActivity]: vri.Setup new sync=wmsSync-VRI[PushNotificationValidationActivity]#14

D OpenGLRenderer: makeCurrent grContext:0xb400007b0d6308e0 reset mTextureAvailable

D VRI[PushNotificationValidationActivity]: vri.reportDrawFinished

W libc    : Access denied finding property "vendor.display.enable_optimal_refresh_rate"

W net.android.ftm: type=1400 audit(0.0:189100): avc:  denied  { read } for  name="u:object_r:vendor_display_prop:s0" dev="tmpfs" ino=13240 scontext=u:r:untrusted_app_32:s0:c75,c257,c512,c768 tcontext=u:object_r:vendor_display_prop:s0 tclass=file permissive=0 app=com.fortinet.android.ftm

E OpenGLRenderer: Unable to match the desired swap behavior.

D VRI[PushNotificationValidationActivity]: vri.reportNextDraw android.view.ViewRootImpl.performTraversals:4360 android.view.ViewRootImpl.doTraversal:2989 android.view.ViewRootImpl$TraversalRunnable.run:10304 android.view.Choreographer$CallbackRecord.run:1594 android.view.Choreographer$CallbackRecord.run:1603

D VRI[PushNotificationValidationActivity]: vri.Setup new sync=wmsSync-VRI[PushNotificationValidationActivity]#16

D OpenGLRenderer: makeCurrent grContext:0xb400007b0d6308e0 reset mTextureAvailable

D VRI[PushNotificationValidationActivity]: vri.reportDrawFinished

D VRI[PushNotificationValidationActivity]: vri.reportNextDraw android.view.ViewRootImpl.handleResized:2297 android.view.ViewRootImpl.-$$Nest$mhandleResized:0 android.view.ViewRootImpl$ViewRootHandler.handleMessageImpl:6693 android.view.ViewRootImpl$ViewRootHandler.handleMessage:6662 android.os.Handler.dispatchMessage:106

D VRI[PushNotificationValidationActivity]: vri.Setup new sync=wmsSync-VRI[PushNotificationValidationActivity]#18

D VRI[PushNotificationValidationActivity]: vri.reportDrawFinished

D TrafficStats: tagSocket(169) with statsTag=0xffffffff, statsUid=-1

 

Push Popup:

 

D VRI[PopupWindow:ecd153e]: vri.reportNextDraw android.view.ViewRootImpl.performTraversals:4360 android.view.ViewRootImpl.doTraversal:2989 android.view.ViewRootImpl$TraversalRunnable.run:10304 android.view.Choreographer$CallbackRecord.run:1594 android.view.Choreographer$CallbackRecord.run:1603

D VRI[PopupWindow:ecd153e]: vri.Setup new sync=wmsSync-VRI[PopupWindow:ecd153e]#24

D OpenGLRenderer: makeCurrent grContext:0xb400007b0d6308e0 reset mTextureAvailable

D VRI[PopupWindow:ecd153e]: vri.reportDrawFinished

D VRI[PopupWindow:ecd153e]: vri.reportNextDraw android.view.ViewRootImpl.handleResized:2297 android.view.ViewRootImpl.-$$Nest$mhandleResized:0 android.view.ViewRootImpl$ViewRootHandler.handleMessageImpl:6693 android.view.ViewRootImpl$ViewRootHandler.handleMessage:6662 android.os.Handler.dispatchMessage:106

D VRI[PopupWindow:ecd153e]: vri.Setup new sync=wmsSync-VRI[PopupWindow:ecd153e]#26

D VRI[PopupWindow:ecd153e]: vri.reportDrawFinished
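To compare an exported log against the successful workflow above, the following added example (not Fortinet code) reports the first of the three windows that never finished drawing. It assumes, based only on the excerpt above, that the three windows in this order are the signature of a working push; the sample lines are constructed from that excerpt.

```python
import re

# Windows in the order the article's successful-push excerpt shows them.
STAGES = ["PushNotificationActionActivity",
          "PushNotificationValidationActivity",
          "PopupWindow"]

# logcat-style line: "<level> VRI[<window>[:<id>]]: vri.<event> ..."
VRI_RE = re.compile(r"^[VDIWE]\s+VRI\[([^\]:]+)(?::[0-9a-f]+)?\]:\s+vri\.(\w+)")

def push_stages(log_text):
    """Return {window: number of vri.reportDrawFinished lines} for each stage seen."""
    seen = {}
    for line in log_text.splitlines():
        m = VRI_RE.match(line.strip())
        if not m or m.group(1) not in STAGES:
            continue  # libc, avc and OpenGLRenderer lines are ignored
        seen.setdefault(m.group(1), 0)
        if m.group(2) == "reportDrawFinished":
            seen[m.group(1)] += 1
    return seen

def first_missing_stage(log_text):
    """Name the first expected window that never finished drawing, or None."""
    seen = push_stages(log_text)
    for stage in STAGES:
        if seen.get(stage, 0) == 0:
            return stage
    return None

# Constructed sample, shortened from the article's excerpt.
SAMPLE_OK = """\
D VRI[PushNotificationActionActivity]: vri.reportNextDraw android.view.ViewRootImpl.performTraversals:4360
D VRI[PushNotificationActionActivity]: vri.reportDrawFinished
W libc    : Access denied finding property "vendor.display.enable_optimal_refresh_rate"
E OpenGLRenderer: Unable to match the desired swap behavior.
D VRI[PushNotificationValidationActivity]: vri.reportDrawFinished
D VRI[PopupWindow:ecd153e]: vri.reportDrawFinished
"""

if __name__ == "__main__":
    print(first_missing_stage(SAMPLE_OK) or "all three stages present")
```

The `libc`, `avc: denied` and `OpenGLRenderer` lines also appear in the successful excerpt, so the script does not treat them as failure indicators.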

 

Packet capture on the mobile device can help diagnose push notification issues. This allows verification of whether the mobile device is receiving push notifications from Google (for Android devices) or Apple (for iOS devices).

For Android devices, an application like PCAPdroid can be installed to perform packet captures. On iOS devices, some limited packet capture apps are available, though functionality may vary.

 

 Push Notification Server Details:

  • Google (Android):
    Google uses the Firebase Cloud Messaging infrastructure for delivering push notifications.
    • FQDN: mtalk.google.com.
    • Communication between Android devices and Google servers is secured via TLS 1.3 and can be tracked during the capture.
  • Apple (iOS):
    Apple delivers push notifications through the Apple Push Notification Service.
    • FQDN: api.push.apple.com.
    • A secure connection is established between the mobile device and Apple's push servers.

 

By analyzing these connections in the packet capture, it is possible to determine whether push notifications are reaching the device and troubleshoot accordingly.

 

In the packet capture tests conducted on an Android phone, DNS packets can be filtered to observe queries for mtalk.google.com. These queries originate from the mobile phone (IP: 10.215.173.1) toward the DNS server.

 2.png

 

 The reply from the DNS server should return the corresponding IP address of the mtalk.google.com service.

 

3.png

 

After receiving the DNS response, a TLS session is initiated between the mobile device and the push servers.

 

4.png 

The final and most important step occurs after the user approves the push notification. At this point, the packet capture will reveal communication between the mobile device and the callback IP address, which is configured on the FortiGate or FortiAuthenticator.

 

In the example below, the IP address used for the push callback is 10.191.20.165.

 

5.png
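The four checks described above (DNS query, DNS reply, TLS to the push service, callback traffic) can be applied to a decoded capture as in this added example, which is not Fortinet code. It assumes the packets were already reduced to simple records; the field names, the DNS server address and the resolved address 192.0.2.10 are constructed, while the device and callback IPs are the ones used in the article.

```python
# Push-service FQDNs named in the article (Google FCM, Apple APNs).
PUSH_FQDNS = {"mtalk.google.com", "api.push.apple.com"}
STAGES = ["dns_query", "dns_answer", "tls_to_push", "callback"]

def _is_push_name(name):
    return (name or "").rstrip(".").lower() in PUSH_FQDNS

def check_push_capture(records, device_ip, callback_ip):
    """Return {stage: bool} for the four stages the article walks through."""
    seen = dict.fromkeys(STAGES, False)
    push_ips = set()  # addresses learned from DNS answers in this capture
    for rec in records:
        kind, src, dst = rec["kind"], rec["src"], rec["dst"]
        if src == device_ip and dst == callback_ip:
            seen["callback"] = True  # any device -> callback traffic counts
        elif kind == "dns_query" and src == device_ip and _is_push_name(rec["name"]):
            seen["dns_query"] = True
        elif kind == "dns_answer" and dst == device_ip and _is_push_name(rec["name"]):
            seen["dns_answer"] = True
            push_ips.update(rec["addrs"])
        elif kind == "tls_client_hello" and src == device_ip:
            # Match on the resolved IP, or on SNI when the name came from DNS cache.
            if dst in push_ips or _is_push_name(rec.get("sni")):
                seen["tls_to_push"] = True
    return seen

def first_gap(seen):
    """First stage missing from the capture, or None when the flow is complete."""
    for stage in STAGES:
        # A TLS session to the push service shows resolution worked, even if
        # the lookup itself happened before the capture started.
        if stage.startswith("dns_") and seen["tls_to_push"]:
            continue
        if not seen[stage]:
            return stage
    return None

# Constructed sample records (hypothetical field names).
DEVICE, CALLBACK, DNS = "10.215.173.1", "10.191.20.165", "10.215.173.2"
SAMPLE = [
    {"kind": "dns_query", "src": DEVICE, "dst": DNS, "name": "mtalk.google.com"},
    {"kind": "dns_answer", "src": DNS, "dst": DEVICE, "name": "mtalk.google.com",
     "addrs": ["192.0.2.10"]},
    {"kind": "tls_client_hello", "src": DEVICE, "dst": "192.0.2.10", "sni": "mtalk.google.com"},
    {"kind": "tcp", "src": DEVICE, "dst": CALLBACK},
]

if __name__ == "__main__":
    print(first_gap(check_push_capture(SAMPLE, DEVICE, CALLBACK)) or "flow complete")
```

A result of `callback` means the push reached the phone but no traffic went to the configured callback address, which points at the Public IP/FQDN or `server-ip` setting or at reachability of that address from the phone's network.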

 

Note:

 

The IP responsible for Push replies from mobile phones on FortiAuthenticator can be found under:

System -> Administration -> System Access -> Public IP/FQDN for FortiToken Mobile.

 

The IP responsible for Push replies from mobile phones on FortiGate can be found under:

 

config system ftm-push

    set server-ip X.X.X.X

end