FortiGate
hbac
Staff
Article Id 232280
Description

This article explains how to diagnose and fix an issue where the user receives a FortiToken license error with code -7500 while importing a FortiToken through the CLI.

Scope

FortiGate, FortiToken mobile.

Solution

When this issue occurs, the following symptoms are observed:

  • The error 'import fortitoken license error: -7500' appears.
  • No tokens (trial or licensed) appear in response to the command 'show user fortitoken'.
  • When trying to import a FortiToken mobile in the GUI, an internal server error occurs.
  • The FortiGate can ping the FortiGuard servers.

 

Below is an example of what a debugging process returns:

 

diag debug app forticldd -1
Debug messages will be on for 27 minutes.

diag debug app alert -1
Debug messages will be on for 27 minutes.

diag fortitoken debug enable
Debug messages will be on for 26 minutes.

diag debug enable

exec fortitoken-mobile import FTKMOB0A08Bxxxx
2022-10-03 20:48:43 ftm_cfg_import_license[321]:import license FTKMOB0A08Bxxxx
2022-10-03 20:48:43 ftm_fc_comm_connect[38]:ftm cannot resolve DNS
2022-10-03 20:48:43 ftm_fc_command[588]:forticare [ftm2.fortinet.net:443] unreachable
import fortitoken license error: -7500
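
When captures like the one above are collected from several units, the root cause can be pulled out automatically. The following is an added example, not Fortinet code: it parses only the message formats visible in the capture above, and the function name `triage` and the cause labels are assumptions made for illustration.

```python
import re

# Daemon line format in the article's capture: "<date> <time> <func>[<line>]:<message>"
LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<func>\w+)\[\d+\]:(?P<msg>.*)$")
ENDPOINT_RE = re.compile(r"\[(?P<host>[^\]:]+):(?P<port>\d+)\] unreachable")
ERROR_RE = re.compile(r"^import fortitoken license error: (?P<code>-?\d+)$")


def triage(capture: str) -> dict:
    """Summarise one 'exec fortitoken-mobile import' debug capture."""
    result = {"serial": None, "error_code": None, "endpoint": None,
              "dns_failure": False, "cause": "unknown"}
    for raw in capture.splitlines():
        text = raw.strip()
        err = ERROR_RE.match(text)
        if err:
            result["error_code"] = int(err.group("code"))
            continue
        m = LINE_RE.match(text)
        if not m:
            continue  # command echo, "Debug messages will be on..." lines, blanks
        msg = m.group("msg")
        ep = ENDPOINT_RE.search(msg)
        if msg.startswith("import license "):
            result["serial"] = msg.split()[-1]
        elif "cannot resolve DNS" in msg:
            result["dns_failure"] = True
        elif ep:
            result["endpoint"] = (ep.group("host"), int(ep.group("port")))
    if result["dns_failure"]:
        # Name lookup failed on the FortiGate itself: the case the article
        # addresses through the fortiguard-anycast settings.
        result["cause"] = "dns_resolution"
    elif result["endpoint"]:
        result["cause"] = "endpoint_unreachable"
    return result


# Constructed sample: the capture shown in the article (serial masked as there).
SAMPLE = """\
exec fortitoken-mobile import FTKMOB0A08Bxxxx
2022-10-03 20:48:43 ftm_cfg_import_license[321]:import license FTKMOB0A08Bxxxx
2022-10-03 20:48:43 ftm_fc_comm_connect[38]:ftm cannot resolve DNS
2022-10-03 20:48:43 ftm_fc_command[588]:forticare [ftm2.fortinet.net:443] unreachable
import fortitoken license error: -7500
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A 'dns_resolution' result together with successful pings to FortiGuard matches the symptom set listed in this article.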

 

To fix the issue, disable 'fortiguard-anycast' under 'config system fortiguard' and import the FortiToken again from the GUI:

 

config system fortiguard
    set fortiguard-anycast disable
    set protocol https
    set port 8888
    set sdns-server-ip 208.91.112.220 173.243.140.53 210.7.96.53
end

 

Alternatively, if 'fortiguard-anycast-source' is set to 'aws', it is necessary to change it to 'fortinet' as follows:

 
config system fortiguard
    set fortiguard-anycast enable
    set fortiguard-anycast-source fortinet
end
 
If the above troubleshooting steps do not resolve the issue, try running the following commands via the CLI:
 
diagnose debug reset
diagnose debug application update -1
diagnose debug enable
execute update-now
 
Once the output shows 'Update successful', navigate to User & Authentication -> FortiTokens and verify whether the newly registered FortiTokens are now visible in the list.