|
As mentioned earlier, sometimes during an ADOM integrity check, FortiManager shows an error regarding the FortiExtender package, such as the following:
diagnose cdb check adom-integrity
General updating - adom FortiCarrier ... ...100% No errors
General updating - adom FortiFirewall ... ..100% No errors
General updating - adom FortiFirewallCarrier ... ..100% No errors
General updating - adom ADOM1 ... ....10%..20%..30%..40%...50%....
............60%..............................................70%..
.....80%.........................90%..........................100%
An error has occured: (errno=170):Package copy failed. object: fortiextender. detail: failed to copy 68469-3
General updating - adom Unmanaged_Devices ... ...100% No errors
General updating - adom root ... ...100% No errors
General updating - adom Global ... ...100% No errors
To fix, it is first necessary to identify which devices cause errors via the FortiManager CLI, using the following:
exe fmpolicy print-adom-package <ADOM_ID> 14
ID <package name>
229412 name=64845-3, pathname=FGT-111-FW_root
229429 name=68461-3, pathname=FGT-112-FW_root
229446 name=64869-3, pathname=FGT-113-FW_root
229463 name=64870-3, pathname=FGT-114-FW_root
229480 name=64875-3, pathname=FGT-115-FW_root
229497 name=64880-3, pathname=FGT-116-FW_root
[...]
Check which hostname has the policy package name from the error shown in the adom-integry output.
After, use the following command to align the ADOM FortiExtender DB for a specific device:
diag dvm extender sync-extender-data FGT-113-FW force syncadmon
After the sync command, repeat the ADOM integrity check and verify if there are any other devices with the FortiExtender DB that are not aligned. If there are, repeat the procedure.
Related documents:
Technical Tip: How to check FortiManager database integrity prior to upgrade
|
