Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
acardona
Staff
Staff

Created on ‎03-19-2025 10:50 PM Edited on ‎03-25-2025 06:30 AM By Moderator

Article Id 383088

Troubleshooting Tip: FortiGate is unable to Send activation code to the user error '-333'

Description This article describes how to correct the issue when the FortiGate shows the error:'-333' via CLI when trying to provision the mobile token.
Scope FortiGate.
Solution

When trying to provision the new mobile token, the error shown by the CLI is '-333'. The debug shows error 503 services Unavailable or response invalid, from CLI when trying to provision the token the error is '-333':

 

To enable debugging:

diagnose fortitoken debug enable
diagnose debug enable

 

ftm_fc_comm_recv_response[239]:response invalid
HTTP/1.1 503 Service Unavailable

 

To disable debugging:

 

diagnose debug disable

 

Verify the following to fix the issue:

  1. If the FortiGate belongs to a cluster, verify the current primary is registered with the FortiToken licenses:

 

config user fortitoken

    edit <Serial number>

    show

 

  1. Change the FortiGuard configuration to the following:

 

config system fortiguard
    set fortiguard-anycast enable
end 

 

After performing these changes, the debug shows the following message:


ftm_fc_comm_recv_response[266]:receive packet success.

ftm_cfg_send_token_activation_code[338]:sent activation code:
229
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.