FortiGate
tpatel
Staff
Article Id 340046
Description This article describes how to fix the internal processing error for the EMS connection in the Fabric connector on FortiGate.
Scope FortiGate.
Solution

The EMS server is hosted on the internal network at a remote site. A VIP is configured on the remote FortiGate so that the EMS server is reachable over the Internet.


Configuration through CLI:

config endpoint-control fctems
    edit 1
        set status enable
        set name "FortiClient EMS"
        set server "x.x.x.x"
    next
end

Troubleshooting step: confirm that the root CA certificate and the intermediate CA certificate are properly imported into FortiGate (see the following article):

Troubleshooting Tip: EMS certificate not trusted with customized certificate

 

execute fctems verify 1
Error in requesting EMS fabric connection: -9901
issue in getting capabilities. ~
Error (-1@_get_capabilities:459).

diagnose endpoint fctems test-connectivity 1
Connection test had an error -9901: '

If the connectivity test shows an error, run real-time fcnacd debugs:

diagnose debug app fcnacd -1
diagnose endpoint filter show-large-data yes
diagnose debug enable

https://x.x.x.x/api/v1/system/serial_number
[ec_ez_worker_base_prep_ssl:428] verify peer method: 2, current ssl_cb: (nil), new ssl_cb: 0xa21ba8
[ec_ems_context_submit_work:640] Call submitted successfully.
obj-id: 0, desc: REST API to get EMS Serial Number., entry: api/v1/system/serial_number.

[ec_ez_worker_process:393] Processing call for obj-id: 0, entry: "api/v1/system/serial_number"
[ec_ez_worker_process:412] reply:
"
<!doctype html>
<html lang="en">
<head>
<title>Bad Request (400)</title>
</head>
<body>
<h1>Bad Request (400)</h1><p></p>
</body>
</html>

In this topology, the EMS server sits behind a FortiGate and is reached through a public IP address. Because FortiGate reaches EMS through that public address, the EMS server must know it: specify the public IP address as the management IP, together with the port number, in the EMS settings:

Configuring EMS settings
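To make fcnacd output like the transcript above quicker to triage, here is an added helper script (written for this article, not FortiOS or EMS code) that pairs each submitted REST call with the HTTP status found in its reply and attaches a hint. The embedded transcript is constructed from the lines above, and the hints are this article's interpretation of the 400 response, not messages produced by FortiGate or EMS.

```python
import re

# Constructed sample, modelled on the fcnacd debug transcript above (not real captured output).
SAMPLE_DEBUG = """\
https://x.x.x.x/api/v1/system/serial_number
[ec_ems_context_submit_work:640] Call submitted successfully.
obj-id: 0, desc: REST API to get EMS Serial Number., entry: api/v1/system/serial_number.
[ec_ez_worker_process:393] Processing call for obj-id: 0, entry: "api/v1/system/serial_number"
[ec_ez_worker_process:412] reply:
"
<!doctype html>
<html lang="en">
<head><title>Bad Request (400)</title></head>
<body><h1>Bad Request (400)</h1><p></p></body>
</html>
"""

SUBMIT_RE = re.compile(r'obj-id: (\d+), desc: (.*?), entry: (\S+?)\.?$')
PROCESS_RE = re.compile(r'Processing call for obj-id: (\d+), entry: "([^"]+)"')
TITLE_RE = re.compile(r'<title>[^<]*\((\d{3})\)</title>')   # e.g. "Bad Request (400)"

def hint_for(status):
    """Triage hint for a call's HTTP status (interpretation from this article, not an EMS message)."""
    if status is None:
        return "no HTTP reply captured: confirm the TLS trust step (root and intermediate CA imported on FortiGate) first"
    if status == 400:
        return "EMS answered 400 Bad Request on the public IP: set that public IP and port as the EMS management IP/port"
    return "EMS replied with HTTP %d: inspect the reply body" % status

def triage_fcnacd(text):
    """Return one dict per REST call: obj_id, entry, HTTP status of its reply (or None) and a hint."""
    calls, current = {}, None
    for line in text.splitlines():
        m = SUBMIT_RE.search(line)
        if m:  # the call was queued: remember which API entry belongs to this obj-id
            calls[m.group(1)] = {"obj_id": int(m.group(1)), "entry": m.group(3), "status": None}
            continue
        m = PROCESS_RE.search(line)
        if m:  # the worker started processing this obj-id; following lines belong to its reply
            current = m.group(1)
            calls.setdefault(current, {"obj_id": int(current), "entry": m.group(2), "status": None})
            continue
        m = TITLE_RE.search(line)
        if m and current is not None:  # an HTML error page carries its status code in <title>
            calls[current]["status"] = int(m.group(1))
    for call in calls.values():
        call["hint"] = hint_for(call["status"])
    return list(calls.values())
```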

 
