tpatel
Staff
Article Id 395813
Description This article describes how to fix the issue when FortiGate cannot connect to the EMS Cloud and displays an internal processing error and a certificate error.
Scope FortiGate.
Solution

FortiGate is unable to connect to the EMS Cloud and displays the following error.

Go to Security Fabric -> Fabric Connector -> FortiClient EMS:

[Screenshot of the error: Capture.PNG]


Below is the error shown in the CLI:

 

FGT # execute fctems verify 1
Error in requesting EMS fabric connection: -9901
issue in getting capabilities.
Error (-1@_perform_rest_api:253).(_get_capabilities,457)

 

Run the fcnacd debug:

 

FGT # diagnose debug application fcnacd -1

FGT # diagnose debug enable

Check for the following error:

[__ctx_sub_ez_worker_err_cleanup_cb:599] Call not submitted.
obj-id: 5, desc: REST API to get EMS public address and port., entry: api/v1/settings/server/public_address.
error info: Error (-1@ec_ez_worker_base_prep_resolver:329). Could not resolve the server forticlient-emsproxy.forticloud.com (ec_ez_worker_prep,216) (ec_ems_context_submit_work,638)Internal error: failed to prepare worker
[__worker_handle_certinfo:262] Could not get certificate info.
[ec_ez_worker_process:458] Call completed with failure.

This error indicates that FortiGate is not able to resolve forticlient-emsproxy.forticloud.com.

Go to Network -> DNS on FortiGate and make sure that the DNS server is reachable. 


Refer to the article below to troubleshoot DNS unreachable issues.
Technical Tip: DNS server is unreachable when using custom DNS


Once the DNS server is reachable, FortiGate can resolve the forticlient-emsproxy.forticloud.com FQDN.


FGT # execute ping forticlient-emsproxy.forticloud.com
PING ac06a1ca5c53e4c2ab080da8b6b12d00-0ee2231ad8afa4b3.elb.ap-southe (52.74.249.14): 56 data bytes


Once the FortiGate can resolve the FQDN, fcnacd debug will show that the call was submitted successfully, and the FortiGate can connect to the EMS Cloud.

 

[ec_ez_worker_process:400] Processing call for obj-id: 5, entry: "api/v1/settings/server/public_address"
[_update_obj_stats:365] Storing (5, GWCC 1000f, 0)
[ec_ez_worker_process:508] Call completed successfully.
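
An added example (not Fortinet's code and not part of the original article): a small Python helper that reads a saved fcnacd debug capture and reports whether the most recent EMS call failed on name resolution, as in the output above. The function and variable names are assumptions made for this example; the log patterns are the ones quoted in this article.

```python
import re

# Patterns taken from the fcnacd debug lines quoted in this article.
DNS_RE = re.compile(r"Could not resolve the server (\S+)")
ENTRY_RE = re.compile(r'entry: "?([\w/]+)')
FAIL_RE = re.compile(r"Call (?:not submitted|completed with failure)")
OK_RE = re.compile(r"Call completed successfully")
# Console captures wrap long lines; a newline not followed by a new record is a wrap.
UNWRAP_RE = re.compile(r"\n(?!\[|obj-id:|error info:|\n|$)")

# Failure capture as quoted in the article, including the terminal wrap.
FAILED_CAPTURE = """\
[__ctx_sub_ez_worker_err_cleanup_cb:599] Call not submitted.
obj-id: 5, desc: REST API to get EMS public address and port., entry: api/v1/settings/server/public_address.
error info: Error (-1@ec_ez_worker_base_prep_resolver:329). Could not resolve the server forticlient-emsproxy.forticloud.com (ec_ez_worker_prep,2
16) (ec_ems_context_submit_work,638)Internal error: failed to prepare worker
[__worker_handle_certinfo:262] Could not get certificate info.
[ec_ez_worker_process:458] Call completed with failure.
"""


def triage_fcnacd(capture):
    """Return the outcome of the most recent EMS call in an fcnacd debug capture."""
    result = {"status": "unknown", "entry": None, "host": None}
    text = UNWRAP_RE.sub("", capture.replace("\r", ""))
    for line in text.splitlines():
        entry = ENTRY_RE.search(line)
        if entry:
            result["entry"] = entry.group(1)
        dns = DNS_RE.search(line)
        if dns:
            # Name resolution failed before the REST call could be sent.
            result.update(status="dns_failure", host=dns.group(1))
        elif OK_RE.search(line):
            # A later success supersedes an earlier failure (DNS fixed).
            result.update(status="ok", host=None)
        elif FAIL_RE.search(line) and result["status"] != "dns_failure":
            result["status"] = "failure"  # failed, but not a resolver error
    return result


if __name__ == "__main__":
    print(triage_fcnacd(FAILED_CAPTURE))
```

A `dns_failure` result points to the DNS checks under Network -> DNS; a plain `failure` means the call failed without a resolver error in the capture.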

 

Related article:
Troubleshooting Tip: Avoid 'EMS server was not reached' errors by correctly authorizing FortiGate to...