|
The error message 'Failed. Forticare: FTM token Activation Code is invalid' occurs when a user tries to activate a FortiToken on a second smartphone.
It is not possible to use the same FortiToken on different smartphones. A FortiToken can be used only on one smartphone.
When a FortiToken is activated successfully on a smartphone, a unique reg-id is assigned for that specific smartphone on FortiGate under the FortiToken settings.
If the same FortiToken is disabled by the user in FortiGate and then re-enabled for the user on the same smartphone, the same reg-id will be seen again under the FortiToken setting. In the following example, it is clear that two FortiTokens have been enabled on the same smartphone:
show user fortitoken
config user fortitoken
edit "FTKMOB83712DC7FE"
set license "FTMTRIAL02062407"
set activation-code "EEIOHIDHBXN5QLXV"
set activation-expire 1665947817
set reg-id "fa0678e8f9e35f6a251cea691e4d56ed6fe9169ad03d2d26fe6dede6c8985a90" <<<-----
set os-ver "5.4.2_IOS"
next
edit "FTKMOB83F91CD33B"
set license "FTMTRIAL02062407"
set activation-code "EEIMCUO6X6DF4BL3"
set activation-expire 1665950284
set reg-id "fa0678e8f9e35f6a251cea691e4d56ed6fe9169ad03d2d26fe6dede6c8985a90" <<<-----
set os-ver "5.4.2_IOS"
next
end
Since it is not possible to have different reg-id values under each FortiToken setting, a specific FortiToken cannot be used on different smartphones.
The following debugging log shows the associated reg-id and some more information regarding the FortiToken:
diagnose debug disable
diagnose debug enable
diagnose fortitoken debug enable
2022-10-13 22:59:21 ftm_cfg_poll_token_states[405]:Poll token status!
2022-10-13 22:59:22 ftm_fc_comm_connect[55]:ftm TCPS connected.2022-10-13 22:59:22 ftm_fc_comm_send_request[117]:send packet success.
POST /SoftToken/Provisioning.asmx/Process HTTP/1.1
Accept: application/json, text/javascript, */*, q=0.01
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 208.91.113.53:443
Content-Length: 287
Connection: Keep-Alive
Cache-Control: no-cache
{ "d": { "__type": "SoftToken.PollingRequest", "__version": "4", "serial_number": "FGT3HD3915801656",
"__device_version": "6.0", "__device_build": "1914", "__clustered_sns": [ { "sn": "FGT3HD3915801656" }, { "sn": "FGT3HD3915801685" } ], "tokens": [ { "token": "FTKMOB83F91CD33B" } ] } }
2022-10-13 22:59:22 ftm_fc_comm_recv_response[266]:receive packet success.
{"d":{"__type":"SoftToken.PollingResponse",
"__version":"4","serial_number":"FGT3HD3915801656","__device_version":"6.0",
"__device_build":"1914","__clustered_sns":[{"sn":"FGT3HD3915801656","error":null},{"sn":"FGT3HD3915801685","error":null}],"tokens":[{"token":"FTKMOB83F91CD33B","license":"FTMTRIAL02062407","state":"provisioned",
"registration_id":"fa0678e8f9e35f6a251cea691e4d56ed6fe9169ad03d2d26fe6dede6c8985a90",
"mobile_device_version":"5.4.2_IOS",
"error":null}],"result":2,"error":null}}
2022-10-13 22:59:22 ftm_cfg_update_token_state[667]:Update REGID for FTKMOB83F91CD33B regid:fa0678e8f9e35f6a251cea691e4d56ed6fe9169ad03d2d26fe6dede6c8985a90 os_ver:5.4.2_IOS <----
The status of a successfully activated FortiToken on a smartphone is 'provisioned' in FortiGate:
diagnose fortitoken info
FORTITOKEN DRIFT STATUS
FTKMOB83F91CD33B 0 provisioned
FTKMOB83712DC7FE 0 provisioned
Total activated token: 0
Total global activated token: 0
Token server status: reachable
Related documents:
Registering-and-provisioning-fortitoken-mobile-tokens
Technical Tip: FortiToken basic troubleshooting
|
