Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kiri
Staff
Staff

Created on ‎05-22-2022 07:54 AM Edited on ‎04-19-2023 07:13 AM By Moderator

Article Id 212759

Troubleshooting Tip: import FortiToken license, 'Internal server error', error: -7650

Description This article describes how to troubleshoot error -7650 (in CLI) or Internal server error (in GUI) seen when activating a new Fortitoken Mobile.
Scope FortiGate 6.x.
Solution

If importing the license is done from GUI, the error 'Internal server error' will appear.


Import it over CLI and run some debug:

 

# diag debug console timestamp enable
# diag debug app forticldd -1
# diag debug app alert -1
# diag fortitoken debug enable
# diag debug enable
# execute fortitoken-mobile import <ActivationCodeFromRedemptionCertificate>

 

If the output is something like:

 

2022-05-17 13:41:54 ftm_cfg_import_license[321]:import license abcd-efgh-1234-5678-9101
2022-05-17 13:41:55 ftm_fc_comm_connect[55]:ftm TCPS connected.2022-05-17 13:41:55 ftm_fc_comm_send_request[117]:send packet success.

POST /SoftToken/Provisioning.asmx/Process HTTP/1.1
Accept: application/json, text/javascript, */*, q=0.01
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 208.91.113.53:443
Content-Length: 246
Connection: Keep-Alive
Cache-Control: no-cache

{ "d": { "__type": "SoftToken.ActivationLicenseRequest", "__version": "4", "license_activation_code": "abcd-efgh-1234-5678-9101", "serial_number": "FGT60XTK00000000", "__device_version": "7.0", "__device_build": "0304", "__clustered_sns": [ ] } }

2022-05-17 13:42:01 ftm_fc_comm_recv_response[266]:receive packet success.

{"d":{"__type":"SoftToken.ActivationLicenseResponse","__version":"4","serial_number":"FGT60XTK00000000","__device_version":"7.0","__device_build":"0304","__clustered_sns":[],"license_activation_code":"abcd-efgh-1234-5678-9101","license":"","tokens":null,"result":0,"error":{"error_code":100,"error_message":"forticare service unavailable"}}}

2022-05-17 13:42:01 ftm_fc_command[615]:received error from forticare [-7650]
import fortitoken license error: -7650

 

'Forticare service unavailable' suggests that the firewall could not reach FortiGuard network, or the FortiGuard network was temporarily unavailable.

 

1) Check if the firewall can reach globalftm.fortinet.net on port 443:

 

# execute telnet globalftm.fortinet.net 443

 

2) It is  also possible to run a packet capture when importing the license, use the IP address resolved at 1):

 

# diagnose sniffer packet any "host 208.91.113.53 and port 443" 4 0 a

 

- If 1 and 2 show successful communication, try to disable the anycast mode on FortiGuard settings then try to import the tokens again.
- If it still does not help, please raise a case with Technical Support Team with all the outputs and checks done.
Related articles

https://community.fortinet.com/t5/FortiToken/Technical-Note-FortiToken-basic-troubleshooting/ta-p/19...
4542
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.