Description

This article describes how to troubleshoot error -7650 (in the CLI) or 'Internal server error' (in the GUI) seen when activating a new FortiToken Mobile.

Scope

FortiGate 6.x.

If the license is imported from the GUI, the error 'Internal server error' appears.

Import it from the CLI instead, with debugging enabled:


# diag debug console timestamp enable
# diag debug app forticldd -1
# diag debug app alert -1
# diag fortitoken debug enable
# diag debug enable
# execute fortitoken-mobile import <ActivationCodeFromRedemptionCertificate>


If the output is something like:


2022-05-17 13:41:54 ftm_cfg_import_license[321]:import license abcd-efgh-1234-5678-9101
2022-05-17 13:41:55 ftm_fc_comm_connect[55]:ftm TCPS connected.
2022-05-17 13:41:55 ftm_fc_comm_send_request[117]:send packet success.

POST /SoftToken/Provisioning.asmx/Process HTTP/1.1
Accept: application/json, text/javascript, */*, q=0.01
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Length: 246
Connection: Keep-Alive
Cache-Control: no-cache

{ "d": { "__type": "SoftToken.ActivationLicenseRequest", "__version": "4", "license_activation_code": "abcd-efgh-1234-5678-9101", "serial_number": "FGT60XTK00000000", "__device_version": "7.0", "__device_build": "0304", "__clustered_sns": [ ] } }

2022-05-17 13:42:01 ftm_fc_comm_recv_response[266]:receive packet success.

{"d":{"__type":"SoftToken.ActivationLicenseResponse","__version":"4","serial_number":"FGT60XTK00000000","__device_version":"7.0","__device_build":"0304","__clustered_sns":[],"license_activation_code":"abcd-efgh-1234-5678-9101","license":"","tokens":null,"result":0,"error":{"error_code":100,"error_message":"forticare service unavailable"}}}

2022-05-17 13:42:01 ftm_fc_command[615]:received error from forticare [-7650]
import fortitoken license error: -7650


The message 'forticare service unavailable' suggests that the firewall could not reach the FortiGuard network, or that the FortiGuard network was temporarily unavailable.
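When the debug output has been saved to a file, the relevant fields can be extracted with a short Python script. This is an added example, not Fortinet code; the function names `iter_json_objects` and `triage` are hypothetical, and the sample input is copied from the output shown above.

```python
import json
import re

# Sample input: lines copied from the debug output shown in this article.
SAMPLE = '''{ "d": { "__type": "SoftToken.ActivationLicenseRequest", "__version": "4", "license_activation_code": "abcd-efgh-1234-5678-9101", "serial_number": "FGT60XTK00000000", "__device_version": "7.0", "__device_build": "0304", "__clustered_sns": [ ] } }
2022-05-17 13:42:01 ftm_fc_comm_recv_response[266]:receive packet success.
{"d":{"__type":"SoftToken.ActivationLicenseResponse","__version":"4","serial_number":"FGT60XTK00000000","__device_version":"7.0","__device_build":"0304","__clustered_sns":[],"license_activation_code":"abcd-efgh-1234-5678-9101","license":"","tokens":null,"result":0,"error":{"error_code":100,"error_message":"forticare service unavailable"}}}
2022-05-17 13:42:01 ftm_fc_command[615]:received error from forticare [-7650]
import fortitoken license error: -7650
'''

CLI_ERROR = re.compile(r"import fortitoken license error:\s*(-?\d+)")


def iter_json_objects(text):
    """Yield every JSON object embedded in mixed log text."""
    decoder = json.JSONDecoder()
    pos = text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            pos = text.find("{", pos + 1)  # not JSON here, try the next brace
            continue
        if isinstance(obj, dict):
            yield obj
        pos = text.find("{", end)


def triage(text):
    """Return the CLI error number and the error fields of the response."""
    summary = {"cli_error": None, "result": None,
               "error_code": None, "error_message": None}
    match = CLI_ERROR.search(text)
    if match:
        summary["cli_error"] = int(match.group(1))
    for obj in iter_json_objects(text):
        d = obj.get("d")
        # Skip the request body, which is also JSON, and anything unrelated.
        if not isinstance(d, dict) or d.get("__type") != "SoftToken.ActivationLicenseResponse":
            continue
        err = d.get("error") or {}
        summary.update(result=d.get("result"), error_code=err.get("error_code"),
                       error_message=err.get("error_message"))
    return summary


if __name__ == "__main__":
    print(triage(SAMPLE))
```
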


1) Check if the firewall can reach on port 443:


# execute telnet 443


2) It is also possible to run a packet capture while importing the license. Use the IP address resolved in step 1:


# diagnose sniffer packet any "host and port 443" 4 0 a


- If step 1 shows a connection and step 2 shows successful communication, try to import the license again later.
- If that still fails, check the following related articles.
- If that does not help, raise a case with the Technical Support Team and include all the outputs and checks done.

