| Description |
This article describes the case when not receiving SMS for 2FA while using FortiGuard as an SMS server. |
| Scope | FortiGate. |
| Solution |
execute fortiguard-message info Last update: Wed Sep 2 07:07:54 2023
Run 'diagnose debug application forticldd -1' to check related error:
[3386] fds_check_request: Not enough SMS quota.
Collect the following debug outputs:
diagnose debug application forticldd -1 diagnose debug enable
diagnose debug disable diagnose debug reset
[291] fds_https_recv: read 147 bytes: pos=147, buf_len=8192 [313] fds_https_recv: received the header from server: 38.21.192.4:443, [HTTP/1.0 503 Service Unavailable Cache-Control: no-cache Connection: close Content-Type: text/html Content-Length: 22] [323] fds_https_recv: response code is 503: [HTTP/1.0 503 Service Unavailable Cache-Control: no-cache If the message server status shows unknown, disable anycast and wait for 2-3 hours.
config sys fortiguard set fortiguard-anycast disable end
If the server status still shows as unknown, assign a token to the user and send the activation code using the SMS method to trigger the status update.
Troubleshooting steps:
Sniffer:
WCF_FG100F # diagnose sniffer packet any "host <message-server-ip> and port 443" 4 0 l
Logs:
diagnose test application forticldd 4 diagnose test application forticldd 5 get system status execute fortiguard-message info
Debugs:
diagnose debug reset diagnose debug application update -1 diagnose debug application forticldd -1 diagnose debug en execute update-now
To stop debugging:
diagnose debug disable diagnose debug reset
Note: Ensure FortiGate has an SMS service license.
Related article: |
