Description | This article describes how to identify and solve a DNS issue while provisioning Free FortiToken. |
Scope | |
Solution |
Sometimes, when trying to assign a FortiToken to users in FortiGate, the error message 'FortiCare Unreachable' can appear.
One possible cause of this error is that DNS is unable to resolve the hostname.
Run the following ping on the FortiGate:
# execute ping fds1.fortinet.com
The ping fails with the message: 'unable to resolve hostname'.
Now, run the debug commands below and, at the same time, ping the FQDN directregistration.fortinet.com on the FortiGate.
# diag debug application dnsproxy -1
# diag debug enable
# execute ping directregistration.fortinet.com
The DNS debug result will show output similar to below.
Output from DNS debug:
last_tx=0 ftg_last_tx=0 domain=directregistration.fortinet.com (orig id: 0x0000 local id:0x0000 active)
- Cannot find local ID in the output means it is not releasing the local-ID resource.
To resolve:
Restart the DNS proxy using the command below:
# diag test application dnsproxy 99
Once the DNS proxy daemon has been restarted, run the ping again. This time the ping should be successful, and the FortiTokens can then be provisioned to the intended users. |
Copyright 2023 Fortinet, Inc. All Rights Reserved.