FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
idumancic
Staff
Article Id: 375303
Description: This article describes an issue where a new token cannot be assigned to a user after upgrading to v6.6.0/v6.6.1.
Scope: FortiAuthenticator v6.6.0, v6.6.1.
Solution

After upgrading FortiAuthenticator to v6.6.0/v6.6.1, the following errors can occur when assigning a FortiToken.

 

Unable to provision token FTKMOBxxxxxxx: Unknown error. Your changes have been rolled back. Please try again later.

 

FTM provision error: problem with SSL comm layer: failed to recv response header: SSL communication layer error

 

Failed to send registration update (code = -14)

 

FGD SMS: problem with SSL comm layer

 

Also visible from the logs:

 

2024-05-27T14:42:58.717015+08:00 FortiAuthenticator gui[16524] debug fac.home.www-data.fac.fac.apps.fac_auth.clibs __init__ 140249236948672 Token provisioning request is from FAC.
2024-05-27T14:42:59.030889+08:00 FortiAuthenticator gui[16524] error fac.home.www-data.fac.fac.apps.fac_auth.clibs __init__ 140249236948672 FTM provisioning request failed for "FTKMOBxxxxxxx": Unknown error (error code -14)

date=2024-05-27 time=06:37:57+0000 oid=39680 logid=30909 cat="Event" subcat="System" level="error" nas="" action="" status="" msg="FTM provision error: problem with SSL comm layer: failed to recv response header: SSL communication layer error" user="admin"
date=2024-05-27 time=06:37:57+0000 oid=39679 logid=10002 cat="Event" subcat="Admin Configuration" level="information" nas="" action="Edit" status="" msg="Assigning FortiToken FTKMOBxxxxxxx to local user test" user=""
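
A triage sketch for the log signatures quoted above, added here as an example and not Fortinet code: it flags the "SSL comm layer" and "code -14" messages and, because the SSL error event carries no token serial, attaches the serial from the event logged at the same timestamp. The function names and the same-timestamp correlation are assumptions; the sample lines are the excerpts from this article.

```python
import re

# Failure signatures quoted in this article.
SIGNATURES = {
    "ssl_comm_layer": re.compile(r"problem with SSL comm layer"),
    "error_code_-14": re.compile(r"code\s*=?\s*-14\b"),
}
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')  # key="quoted value" or key=bare
TOKEN_RE = re.compile(r"\bFTKMOB\w+")              # serial prefix as shown in the excerpts

# Sample input: the log excerpts from this article (debug log, then event log).
SAMPLE = [
    '2024-05-27T14:42:58.717015+08:00 FortiAuthenticator gui[16524] debug fac.home.www-data.fac.fac.apps.fac_auth.clibs __init__ 140249236948672 Token provisioning request is from FAC.',
    '2024-05-27T14:42:59.030889+08:00 FortiAuthenticator gui[16524] error fac.home.www-data.fac.fac.apps.fac_auth.clibs __init__ 140249236948672 FTM provisioning request failed for "FTKMOBxxxxxxx": Unknown error (error code -14)',
    'date=2024-05-27 time=06:37:57+0000 oid=39680 logid=30909 cat="Event" subcat="System" level="error" nas="" action="" status="" msg="FTM provision error: problem with SSL comm layer: failed to recv response header: SSL communication layer error" user="admin"',
    'date=2024-05-27 time=06:37:57+0000 oid=39679 logid=10002 cat="Event" subcat="Admin Configuration" level="information" nas="" action="Edit" status="" msg="Assigning FortiToken FTKMOBxxxxxxx to local user test" user=""',
]

def parse_fields(line):
    """Return the key=value fields of an event-log line ({} for syslog-style lines)."""
    return {k: (q if q else b) for k, q, b in KV_RE.findall(line)}

def triage(lines):
    """Flag lines matching SIGNATURES and attach the affected token serial."""
    parsed, token_at = [], {}
    for no, line in enumerate(lines, 1):
        f = parse_fields(line)
        msg = f.get("msg", line)              # syslog-style lines have no msg= field
        stamp = (f.get("date"), f.get("time"))
        tok = TOKEN_RE.search(msg)
        if tok and f:                         # e.g. the "Assigning FortiToken ..." event
            token_at[stamp] = tok.group()
        parsed.append((no, f, msg, stamp, tok))
    findings = []
    for no, f, msg, stamp, tok in parsed:     # second pass: the event log is newest-first
        hits = sorted(n for n, rx in SIGNATURES.items() if rx.search(msg))
        if hits:
            token = tok.group() if tok else token_at.get(stamp)  # assumed correlation
            findings.append({"line": no, "logid": f.get("logid"), "signatures": hits, "token": token})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```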

 

Check if FortiAuthenticator can ping fortitokenmobile.fortinet.com:

 

exe ping fortitokenmobile.fortinet.com

 

Re-uploading the VM license resolves the issue. Follow these steps:

  • To regenerate the certificate, it is necessary to upload another license (temporary license).
  • FortiAuthenticator reboots.
  • Install the original license.
  • FortiAuthenticator reboots again.
  • The system triggers certificate regeneration with the correct cipher that is accepted by FortiGuard servers.

The license can be found in the Support portal. Ensure that NTP is enabled and the system time is correct.

 

Note:

The issue is resolved in v6.6.3. It is listed in the Release Notes under ID 1039024.