FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
msolanki
Staff
Article Id 420559
Description

This article describes how to troubleshoot and resolve device registration failures when a single license is used in a FortiGate HA cluster.
Scope

FortiGate.

Solution

When a FortiGate cluster is deployed in an HA configuration by following the document 'Single FortiGuard license for FortiGate A-P HA cluster', the device may still fail to register, and the HA debug output may display the following errors:

 

FGT1 # diagnose sys ha dump-by debug-zone
HA information.
is_manage_primary=1,manage_vd=root,ip=169.254.0.2,num=2,nvcluster=1,jiffies=456481.
No logical serial number,retry times=10
FG101FTK24005632, 1,0,00,10,0,7.4.2795,0,0,0,0.
FG101FTK24005677, 0,29,00,10,0,7.4.2795,1,1,-1,0.
vcluster_id=1.
FG101FTK24005632, 0,0.
FG101FTK24005677, 1,1.

 

  1. Check the FortiGate device's system configuration and ensure that the logical serial number (LSN) is enabled. The LSN is required for registration.
  2. Verify that the FortiGate devices are running the correct firmware version. Ensure that the firmware version is compatible with the registration process (FortiOS 7.2.9, 7.4.6, 7.6.1 and above).
  3. Check the FortiCloud portal and ensure that the devices are properly registered and that the registration status is up-to-date.
  4. If the issue persists and the 'No valid cluster key' error appears in the 'diagnose debug application update -1' output, try disabling and re-enabling the Logical Serial Number (LSN) in the HA configuration.

    For more details, refer to the following article: Technical Tip: Logical SN or vSN does not appear on the HA status.

  5. If the device is still not registering, try de-registering it from the FortiCloud portal and then registering it again. If needed, contact the CS team for assistance.
  6. If these logs continue to appear, verify that the FortiGate device can establish connectivity to the domain globalregistration.fortinet.net. This domain is critical for proper operation, and access may be restricted by an intermediate device or security policy. Ensure that no network or firewall rules are blocking communication with globalregistration.fortinet.net. The following debug commands show whether the cluster key can be retrieved:

 

diagnose debug enable
diagnose debug app forticldd -1
diagnose debug app hatalk -1

 

hatalk:ERRO> Failed to retrieve cluster key. http_error_code:[0] Will try again.
[189] fds_get_addr: name=globalregistration.fortinet.net, id=60976, cb=0x5556223d08
Valid logic-sn can't be obtained from Fortinet online server and cluster will not work properly until the key is loaded!
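
One way to triage a saved capture of the debug output shown above, as an added example that is not part of the original article and is not Fortinet code. The message patterns come from the output quoted in this article; the mapping from each message to a numbered step is this example's reading of the list above, and `triage`, `SIGNATURES`, `LOOKUP` and `SAMPLE` are hypothetical names.

```python
import re

# Patterns are taken from the output quoted in this article. The step numbers
# are this example's reading of the numbered list, not Fortinet logic.
SIGNATURES = [
    ("no_lsn", re.compile(r"No logical serial number,\s*retry times=(\d+)"), 1),
    ("no_valid_cluster_key", re.compile(r"No valid cluster key"), 4),
    ("cluster_key_fetch_failed",
     re.compile(r"Failed to retrieve cluster key\. http_error_code:\[(-?\d+)\]"), 6),
    ("lsn_not_obtained",
     re.compile(r"Valid logic-sn can't be obtained from Fortinet online server"), 6),
]
LOOKUP = re.compile(r"fds_get_addr: name=([A-Za-z0-9.-]+)")


def triage(capture: str) -> dict:
    """Report which signatures fired, how often, and which steps to revisit."""
    findings, hosts, steps = {}, [], set()
    for line in capture.splitlines():
        m = LOOKUP.search(line)
        if m and m.group(1) not in hosts:
            hosts.append(m.group(1))  # name the daemon tried to look up
        for name, rx, step in SIGNATURES:
            m = rx.search(line)
            if not m:
                continue
            entry = findings.setdefault(name, {"count": 0, "detail": None})
            entry["count"] += 1
            if m.groups():  # retry counter or http_error_code, last value seen
                entry["detail"] = int(m.group(1))
            steps.add(step)
    return {"findings": findings, "hosts": hosts, "steps": sorted(steps)}


# Constructed sample: lines copied from this article, one hatalk line repeated.
SAMPLE = """\
No logical serial number,retry times=10
hatalk:ERRO> Failed to retrieve cluster key. http_error_code:[0] Will try again.
[189] fds_get_addr: name=globalregistration.fortinet.net, id=60976, cb=0x5556223d08
hatalk:ERRO> Failed to retrieve cluster key. http_error_code:[0] Will try again.
Valid logic-sn can't be obtained from Fortinet online server and cluster will not work properly until the key is loaded!
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    for name, info in report["findings"].items():
        print(f"{name}: seen {info['count']}x, detail={info['detail']}")
    print("hosts looked up:", ", ".join(report["hosts"]))
    print("article steps to revisit:", report["steps"])
```

Save the console session from both cluster members to a file and pass its contents to `triage` to compare which messages each unit reports.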

 

Related document:

Single FortiGuard license for FortiGate A-P HA cluster - FortiGate 7.4.0 new features