FortiGate
ddeguzman
Staff
Article Id 305263
Description

This article describes an issue that occurs when trying to connect FortiGate to the FortiClient EMS, where one of the following errors is displayed:


Failed to verify the certificate for server "emailaddress@fortinet.com (ID: 1)".

Issue in sending initial FortiGate Serial Number: EMS rejected request data. Error (-1@_submit_init_fgt_sn:602).

 

Or:

 

Error in requesting EMS fabric connection: -9
Issue in sending initial FortiGate Serial Number: EMS rejected request data.
Error (-1@_submit_init_fgt_sn:601)

Scope

FortiGate-VM.
Solution

Use the following diagnostic commands to identify connectivity issues. They enable debugging of the EMS connector (fcnacd) at debug level -1 for detailed results.

diagnose debug reset
diagnose debug disable
diagnose debug console timestamp enable
diagnose debug app fcnacd -1
diagnose debug enable


The CLI displays debug output similar to the following:

2024-03-14 23:05:15,636 DEBUG certificate cert_info {'client_cn': 'FortiGate', 'thumbprint': 'C4:3E:2D:39:1D:83:6E:0F:DA:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX', 'certificate': {'thumbprint': 'C4:3E:2D:39:1D:83:6E:0F:DA:02:79:8D:XX:XX:XX:XX:XX:XX:XX:XX', 'subject': 'FortiGate', 'issuer': 'fortinet-subca2001'}}

 

The CN portion of the certificate should contain FortiGate's serial number instead of 'FortiGate'.
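The check described above can be scripted against saved debug output. The following is an added example, not part of the original article or Fortinet tooling: it extracts the cert_info payload from each line and flags certificates whose CN is not serial-shaped. The serial pattern (FGVM plus 12 characters), the function names, and the sample lines are assumptions constructed for illustration.

```python
import ast
import re

# Assumption: FortiGate-VM serial numbers are "FGVM" followed by 12
# uppercase letters/digits. Adjust the pattern to match your inventory.
SERIAL_RE = re.compile(r"^FGVM[0-9A-Z]{12}$")

# Captures the dict literal that follows "cert_info" on a debug line.
CERT_INFO_RE = re.compile(r"\bcert_info\s+(\{.*\})\s*$")


def parse_cert_info(line):
    """Return the cert_info dict from one debug line, or None if absent."""
    match = CERT_INFO_RE.search(line)
    if not match:
        return None
    try:
        info = ast.literal_eval(match.group(1))  # safe: literals only
    except (ValueError, SyntaxError):
        return None  # truncated or malformed payload
    return info if isinstance(info, dict) else None


def check_cn(line):
    """Classify a debug line as 'ok', 'generic-cn' or 'no-cert-info'."""
    info = parse_cert_info(line)
    if info is None:
        return "no-cert-info"
    cert = info.get("certificate")
    subject = cert.get("subject", "") if isinstance(cert, dict) else ""
    names = (info.get("client_cn", ""), subject)
    # Both the presented CN and the certificate subject must be a serial.
    return "ok" if all(SERIAL_RE.match(str(n)) for n in names) else "generic-cn"


def sample_line(cn):
    """Constructed sample in the shape of the debug output shown above."""
    return ("2024-03-14 23:05:15,636 DEBUG certificate cert_info "
            f"{{'client_cn': '{cn}', 'thumbprint': 'XX:XX', "
            f"'certificate': {{'thumbprint': 'XX:XX', 'subject': '{cn}', "
            "'issuer': 'fortinet-subca2001'}}")


if __name__ == "__main__":
    # 'FGVM00TM00000000' is a constructed placeholder serial number.
    for cn in ("FortiGate", "FGVM00TM00000000"):
        print(cn, "->", check_cn(sample_line(cn)))
```
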

 

In the GUI, the following error is displayed:

[Screenshot: EMS.png]


This might be caused by the Fortinet Factory Certificate CN field being set to 'FortiGate'. To confirm, go to System -> Certificates -> Fortinet Factory and verify the CN field. This should contain the FortiGate serial number instead. 

[Screenshot: CN FortiGate.png]

 

To resolve this issue, re-upload the license from the FortiGate support portal to the FortiGate VM.

To upload the FortiGate-VM license file via the GUI:

Go to System -> FortiGuard. In the License Information section, go to the Virtual Machine row and select FortiGate VM License.


[Screenshot: VM.png]


This can also be done via the CLI with the following command:

execute vm-license <token>    <-- Replace <token> with the FortiGate VM serial number.

Note: This will reboot the FortiGate and interrupt production. 

Related article:
Technical Tip: Error 'Failed to verify the certificate for server "FortiClientEMSCloud (ID: 1)"'