Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mzainuddinahm
Staff & Editor
Staff & Editor

Created on ‎05-11-2020 04:49 AM Edited on ‎09-04-2025 05:44 AM By Moderator

Article Id 192935

Troubleshooting Tip: 'execute update-now' command fails to execute

Description

 

This article describes how to resolve an issue where the 'execute update-now' command fails with error 'Command fail. Return code 6'.

 

Scope

 

FortiGate.

Solution


The command 'execute update-now' can fail when executed.
The primary issue investigated was license-expired/warning messages on FortiGate.


When attempting to update the unit using 'execute update-now', the command fails with the error 'Command fail. Return code 6'.

 

To solve the issue:

  1. Make sure the admin who logged in has full rights.
  2. Check the running processes by using the following command to find out the PID of the 'updated' daemon.

 

diagnose sys top

 

Run Time:  1 days, 5 hours and 33 minutes

0U, 0N, 1S, 99I, 0WA, 0HI, 0SI, 0ST; 7996T, 4956F

          fgtlogd      499      S       0.0     0.3    3

          httpsd     1862      S       0.0     0.3    1

          httpsd     1863      S       0.0     0.3    2

         reportd      250      S       0.0     0.2    2

            csfd      628      S       0.0     0.2    2

           fgfmd      268      S       0.0     0.2    3

          httpsd      230      S       0.0     0.2    1

 

The second column from the above command shows the process ID.

 

  1. Use this command to kill the updated daemon:

 

diagnose sys kill 11 <pid_of_updated>

diagnose sys kill 11 1862

diagnose sys kill 11 1863

diagnose sys kill 11 230

 

In the above command, the httpsd processes are killed one by one based on the process IDs shown (1862, 1863, 230, as in the output for httpsd).

It is possible to kill all processes at once with the following command:

 

fnsysctl killall <PPROCESS_NAME>

 

Here, it is necessary to obtain all of the currently running process IDs to perform a restart.

 

Note: Super Admin privilege is required to run the 'fnsysctl' command. Otherwise, FortiGate will return an error, as explained in Troubleshooting Tip: fnsysctl command returns Unknown action 0.

 

  1. Next, trigger an automatic update using the following command:

 

execute update-now

       

To see what is going on in the FortiGate, run the following commands:

 

diagnose debug application update -1

diagnose debug console time enable

diagnose debug enable

 

  1. Check the licensing status of the unit.

Note that, in an HA cluster, the 'updated' process does not run on the secondary device. All updates are performed by the primary device, which forwards them to the secondary.

 

Related article:

Technical Tip: Diagnose sys top CLI command

Labels:
28610
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.