This article describes a situation where the SDN connector status is showing 'down' and service tags are not being retrieved. 

As a first step, execute the following command to check the status of SDN connector , this will display status for all configured SDN connectors:

FortiGate-A # diagnose system sdn status
SDN Connector       Type       Status
-------------------------------------------------------------
SDN_CONNECTOR       azure        Down

Alternatively, to only see the status for a specific connector if many are configured:

diagnose system sdn status <connector_name>

If the connector status shows as 'down', execute the following debug commands to gather further information:

diagnose debug reset
diagnose debug application azd -1
diagnose debug console timestamp enable
diagnose debug enable

The following error message will appear:

azd[237]: az_service_tag_update(): failed to get service tags addresses
azd[237]: az_query_service_tags(): error retrieving Azure service tag list (rc=-1)

To stop running the azure daemon real-time debugs:

diagnose debug reset

diagnose debug disable

Resolution:

This error can be resolved by performing a force refresh for the SDN connector and the following command can be used to force a refresh:

diagnose test application azd 3

Related articles:
Verifying SDN Connector Status

Troubleshooting Tip: AWS SDN connector showing down

Multiple concurrent SDN connectors