Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kgeorge
Staff
Staff

Created on ‎12-29-2024 11:47 PM Edited on ‎03-31-2025 05:27 AM By Community Manager

Article Id 367189

Technical Tip: Licenses not updated on the GUI of Virtual Machines in HA Cluster

Description

 

This article describes how to troubleshoot when the active licenses are showing expired on the GUI of Virtual Machines configured in the HA Cluster.

 

Scope

 

FortiGate.

 

Solution

 

  1. The licenses on the GUI of the Virtual Machine are not updated, and the Update Debug will have the following entry:

 

installUpdObjRest[797]-Failed to copy new obj file /tmp/updQx40o6 to /etc/fssi.dat, errno=30, Read-only file system
installUpdObjRest[802]-Failed to restore /etc/fssi.dat
installUpdObjRest[898]-Step 10:Tell parent to respawn
upd_install_pkg[1434]-Failed to install FSCI000 result=(-10,0)
upd_install_pkg[1434]-Failed to install FSSI000 result=(-10,0)
upd_status_save_status[146]-try to save on status file
upd_status_save_status[159]-Failed opening /etc/upd.dat <--------

 

Generally, this entry 'Failed opening /etc/upd.dat' will be seen due to a lack of disk space on the device. However, disk space will not be an issue for VMs.

 

After carefully checking and understanding that the issue is not related to FortiGate reachability to FortiGuard Servers, first, perform the Failover to the Secondary VM.

 

If that does not work, rebooting the VM will fix this issue.

 

   2. In another scenario, the licenses will not get updated, and the following messages can be seen in the Update debug log outputs,

 

upd_status_set_ha_expiry[1526]-Missing contracts, got 1, expect 2
upd_status_set_ha_expiry[1544]-Reset expiry
do_update[678]-UPDATE failed

 

This generally occurs when the devices are registered under different accounts or the secondary device is not registered. Check the registration details of the devices in the HA Cluster.

 

If the devices are registered under different accounts, transfer the devices under one master account by contacting Fortinet Customer Service Support or by following this guide: Transfer a device to another FortiCloud account

 

Visit this link: FortiCare Technical Support for further help. 

 

Workaround:

Failover the HA to the Secondary firewall and update manually.

 

diagnose sys ha reset-uptime

get system ha status

 

diagnose debug application update -1
diagnose debug enable
exec update-now

 

Related articles:

Troubleshooting Tip: License not updating when FortiGate on HA have Different Account Registration

Troubleshooting Tip: License/Subscription failed to Update 

916
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.