Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
kwcheng__FTNT
Staff
Staff

Created on ‎08-03-2025 10:32 PM Edited on ‎12-02-2025 01:52 AM By Community Manager

Article Id 404788

Technical Tip: Understanding the log message 'FortiToken Mobile Activation'

Description This article describes the typical circumstances behind the 'FortiToken Mobile Activation'.
Scope FortiAuthenticator.
Solution

Event ID 10104 refers to any event log entry related to FortiToken Mobile activation. This log only included soft tokens (purchased and trial FortiToken Mobile) but not hardware tokens.

 

The sample system event message(s) will look like below:

 

  1. Sending activation code:

 

date=2025-08-04 time=20:13:33+0000 oid=8888 logid=10104 cat="Event" subcat="Admin Configuration" level="notice" nas="" action="" status="" msg="FTM provision: token "FTKMOBXXXXXXXXXX", user "admin", activation code "ABCDEFGHIJKLMNOP"" user=""

 

  1. Unable to download trial FortiToken due to a DNS issue:

 

date=2025-08-04 time=20:13:33+0000 oid=8888 logid=10104 cat="Event" subcat="Admin Configuration" level="warning" nas="" action="" status="" msg="Unable to load trial FTM tokens: unable to resolve server domain name" user=""

 

  1. Unable to download trial FortiToken due to a connection issue:

 

date=2025-08-04 time=20:13:33+0000 oid=8888 logid=10104 cat="Event" subcat="Admin Configuration" level="warning" nas="" action="" status="" msg="Unable to load trial FTM tokens: connection timeout" user=""

 

  1. Unable to download trial FortiToken due to system error:

 

date=2025-08-04 time=20:13:33+0000 oid=8888 logid=10104 cat="Event" subcat="Admin Configuration" level="warning" nas="" action="" status="" msg="Unable to load trial FTM tokens: system error" user=""

 

  1. Fail to deprovision FortiToken due to an unknown system error:

 

date=2025-08-04 time=20:13:33+0000 oid=8888 logid=10104 cat="Event" subcat="Admin Configuration" level="error" nas="" action="" status="" msg="The FortiToken Mobile could not be deprovisioned while restarting activation: Unable to deprovision token FTKMOBXXXXXXXXXX: Unknown error. It has now been temporarily locked from future use." user="admin"

 

There are many other events, and they will still share the same event IDs under 10104. They can be viewed under Log Access -> Logs -> filter '10104'. In order for FortiAuthenticator to download the trial tokens successfully, make sure the FortiAuthenticator has sufficient internet access and is not being blocked by any firewall policy or security profile, such as web filtering.

 

Additionally, FortiAuthenticator must be able to resolve fortitokenmobile.fortinet.com to activate FortiToken Mobile. 

 

Execute the following command from FortiAuthenticator SSH:

 

execute nslookup fortitokenmobile.fortinet.com 

 

Correct output looks like:

 

Server: 127.0.0.1
Address: 127.0.0.1:53

Non-authoritative answer:
Name: fortitokenmobile.fortinet.com
Address: 173.243.138.84

 

In case FortiAuthenticator cannot resolve fortitokenmobile.fortinet.com, check FortiAuthenticator DNS servers entry under FortiAuthenticator -> System -> Network ->DNS.

 

161
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.