| Description |
This article explains the log message and how to resolve it. FortiGate might receive the following log message ‘FortiGate scheduled update failed’ a few times. |
| Scope | FortiGate. |
| Solution |
The following CLI command can be run to verify which of the FortiGuard services was updated when:
diagnose autoupdate versions
From the output, verify which of the services were not authorized for the update as they were not covered in the license. Select System -> FortiGuard -> License Information to verify which Entitlement is covered in the license.
An example is shown below:
Industrial Attack Definitions --------- Version: 6.00741 Contract Expiry Date: n/a Last Updated using manual update on Tue Dec 1 02:30:00 2015 Last Update Attempt: Thu Jan 4 08:02:29 2024 Result: Unauthorized
Malicious Certificate DB --------- Version: 0.00000 Contract Expiry Date: Fri Sep 2 2022 Last Updated using manual update on Mon Jan 1 00:00:00 2001 Last Update Attempt: Thu Jan 4 08:02:29 2024 Result: Unauthorized
Hence every scheduled update was performed, updates for these 2 services were failing for the above reason and the log message 'FortiGate scheduled update failed' was generated.
If the ‘Connectivity failure’ error can be observed in the output, then change the FortiGuard service/port to https/443 from udp/8888 or vice versa.
Attack Definitions --------- Version: 6.00741 Contract Expiry Date: Wed Jul 26 2023 Last Updated using manual update on Tue Dec 1 02:30:00 2015 Last Update Attempt: Thu Aug 27 11:52:52 2020 Result: Connectivity failure
config system fortiguard (fortiguard) # set protocol https (fortiguard) # set port 443 (fortiguard) # end
Then try to manually update all the services by running the CLI commands:
diagnose debug enable diagnose debug application update -1 execute update-now
Run these CLI commands to observe any error in any Update of FortiGuard services:
diagnose debug reset
diagnose debug application update -1 Debug messages will be on for 30 minutes.
diagnose debug console timestamp enable
diagnose debug enable
execute update-now
Automatic FortiGuard Updates can be disabled as shown by the below picture by selecting: System -> FortiGuard -> FortiGuard Updates.
Using CLI:
config system autoupdate schedule
(schedule) # sh full-configuration config system autoupdate schedule set status enable set frequency automatic end
(schedule) # set *status Enable/disable scheduled updates. *frequency Update frequency.
(schedule) # set status disable
(schedule) # end
Related article:
Technical Tip: Verifying and troubleshooting FortiGuard updates status and versions |
