Description
This article describes how to solve an issue where FortiToken mobile provides a 'Token is now locked' error while assigned to a remote user on FortiAuthenticator.
Scope
FortiAuthenticator, FortiToken Mobile.
Solution
When trying to assign FortiToken Mobile to a remote LDAP user, FortiAuthenticator responds with the error message 'FTKMOB*** is an invalid token. Token is now locked. Please unlock and try again later. If the problem persists, please call customer support'.
This is visible under Logging -> Log Access -> Logs.
Upon checking the status of mentioned FortiToken, it can be seen that the token became locked.
When troubleshooting, first verify that this EFTM license is registered on the proper FortiAuthenticator serial number through the Fortinet Service and Support Portal.
If the EFTM license is registered on the proper FortiAuthenticator, remove the token from the list and recreate the same token to solve the issue.
The token can be assigned to a remote LDAP user.
Related article:
https://docs.fortinet.com/document/fortitoken/latest/frequently-asked-questions/971392/error
