Description
This article explains what to do when these errors are shown while importing the mobile FortiToken using the activation code:
-- import FortiToken license error:-7551
-- import FortiToken license error:-7561
Scope
FortiGate.
Solution:
Important Note: Technical Tip: FortiToken Mobile will no longer support License Transfer between different devices
Check if FortiGate can connect to FortiGuard servers:
execute ping fds1.fortinet.com
execute ping directregistration.fortinet.com
If the above pings are successful, then run the below debugs and import the license via CLI or GUI:
diagnose debug console timestamp enable
diagnose debug app forticldd -1
diagnose fortitoken debug enable
diagnose debug enable
Mobile/Soft FortiToken has to be imported into the FortiGate with the help of the activation code that is received from the License purchase.
Procedure to import the License via CLI:
execute fortitoken-mobile import <ActivationCodeFromRedemptionCertificate>
When using the activation code in the GUI, 'Internal Server Error' is observed.
If the error 'import fortitoken license error: -7551' is observed, check with the FortiCare team, as it is a license issue.
Example:
FG500SJKIA # execute fortitoken-mobile import EEEE-DDDD-CCCC-BBBB-AAAA
In debugs, it is observed:
2019-08-15 11:22:38 ftm_cfg_import_license[317]:import license EEEE-DDDD-CCCC-BBBB-AAAA
2019-08-15 11:22:38 ftm_fc_cfg_set_fd_mgmt_vdom[47]:Using vfid=0 (mgmt:0 ha:2)
2019-08-15 11:22:39 ftm_fc_comm_send_request[315]:send packet to forticare success.
POST /SoftToken/Provisioning.asmx/Process HTTP/1.1
Accept: application/json, text/javascript, */*, q=0.01
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: fortinet-ca2.fortinet.com
Content-Length: 305
Connection: Keep-Alive
Cache-Control: no-cache
{ "d": { "__type": "SoftToken.ActivationLicenseRequest", "__version": "4", "license_activation_code": " EEEE-DDDD-CCCC-BBBB-AAAA ", "serial_number": "FG5H0E5818******", "__device_version": "6.0", "__device_build": "0932", "__clustered_sns": [ { "sn": "FG5H0E5818******" }, { "sn": "FG5H0E5818******" } ] } }
2019-08-15 11:22:40 ftm_fc_comm_recv_response[501]:receive packet from forticare success.
{"d":{"__type":"SoftToken.ActivationLicenseResponse","__version":"4","serial_number":"FG5H0E12******","__device_version":"6.0","__device_build":"0932","__clustered_sns":
[{"sn":"FG5H0E5818******","error":null},{"sn":"FG5H0E5818******","error":null}],"license_activation_code":" EEEE-DDDD-CCCC-BBBB-AAAA ","license":"EFTM050040******","tokens":null,"result":0,"error":{"error_code":1,"error_message":"runtime error"}}}
2019-08-15 11:22:40 ftm_fc_command[564]:received error from forticare [-7551]
import fortitoken license error: -7551
Send an email to 'ftms_admin@fortinet.com' with logs to check the license.
If the error 'import fortitoken license error: -7561' is observed, check with the Reseller/Distributor if it has already been activated.
execute fortitoken-mobile import AAAA-BBBB-CCCC-DDDD-EEEE
Debugs:
POST /SoftToken/Provisioning.asmx/Process HTTP/1.1
Accept: application/json, text/javascript, */*, q=0.01
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 208.91.113.53:443
Content-Length: 305
Connection: Keep-Alive
Cache-Control: no-cache
{ "d": { "__type": "SoftToken.ActivationLicenseRequest", "__version": "4", "license_activation_code": " AAAA-BBBB-CCCC-DDDD-EEEE ", "serial_number": "FGT81F*******", "__device_version": "7.0", "__device_build": "0366", "__clustered_sns": [ { "sn": "FGT81F*******" }, { "sn": "FGT81F*******" } ] } }
2022-09-16 09:36:40 ftm_fc_comm_recv_response[501]:receive packet from forticare success.
{"d":{"__type":"SoftToken.ActivationLicenseResponse","__version":"4","serial_number":"FGT81F*******","__device_version":"7.0","__device_build":"0366","__clustered_sns":
[{"sn":"FGT81F*******","error":null},{"sn":"FGT81F*******","error":null}],"license_activation_code":" AAAA-BBBB-CCCC-DDDD-EEEE ","license":"","tokens":null,"result":0,"error":{"error_code":11,"error_message":"forticare license already activated"}}}
2022-09-16 09:36:40 ftm_fc_command[615]:received error from forticare [-7561]
import fortitoken license error: -7561
If the error 'import fortitoken license error: -7561' and using the High Availability cluster, make sure contract licenses are applied to the primary unit and not to the secondary unit.
Note:
When the 'import fortitoken license error: -7561' error code appears, along with 'forticare license already activated', it indicates that the FortiToken Mobile license is registered to a different serial number, preventing the registration on the new device.
To identify the serial number of the device linked to this license, a ticket with Customer Service needs to be opened. Customer Service will assist in re-registering this license to the proper FortiGate device (if a migration matches to these rules).
Related articles:
