dkoprusak
Staff
Article Id 345090
Description

During an ADOM upgrade, it is possible to encounter the error 'Fail(errno=-2):Invalid FQDN'.

This article describes how to get more information about the cause of this error and how to correct it so that the ADOM upgrade succeeds.

Scope

FortiManager, ADOM upgrade.
Solution

To get more information on what causes the error, use the diagnostics outlined in:

Troubleshooting Tip: ADOM upgrade fails with error 'Fail(errno=-2):Direction of member(s) must eithe....

Afterwards, trigger the ADOM upgrade to reproduce the error and check the generated output.

It should be similar to the following:

copy dynamic_mapping.(null)(soid=<ID>) to dparent=<ID>,
--> commit copy dynamic_mapping.(null)(soid=<ID>) to dparent=<ID>, fail: err=-2,Invalid FQDN
======= Dump sentry and dentry======
<ID> ---> <ID>
associated-interface: any ---> any
subnet: 0.0.0.0 0.0.0.0 ---> 0.0.0.0 0.0.0.0
type: fqdn ---> fqdn
sub-type: sdn ---> sdn
start-ip: 0.0.0.0 ---> 0.0.0.0
end-ip: 0.0.0.0 ---> 0.0.0.0
wildcard: 0.0.0.0 0.0.0.0 ---> 0.0.0.0 0.0.0.0
cache-ttl: 0 ---> 0
color: 0 ---> 0
uuid: <UUID> ---> <UUID>
allow-routing: disable ---> disable
start-mac: 00:00:00:00:00:00 --->
end-mac: 00:00:00:00:00:00 --->
sdn-addr-type: private ---> private
clearpass-spt: unknown ---> unknown
global-object: 0 --->
obj-type: ip ---> ip
fabric-object: disable ---> disable
===================================
copy dynamic_mapping.(null)(soid=<ID>) to dparent=<ID>, :fail.

 

As a next step, list all dynamic objects for each device in the ADOM:

diagnose dvm device dynobj <device>

 

Once the list is complete, search it for the UUID identified in the debug output. The faulty mapping will be located in a configuration similar to:

config firewall address
    edit <address object name where the issue is>
        config dynamic_mapping
            edit "<device>"-"<VDOM>"
                set associated-interface "any"
                set type fqdn
                set uuid <UUID>
            next
        end
    next
end
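
When an ADOM contains many devices, the UUID search described above can be scripted. The following Python script is an added example, not Fortinet code: it assumes the debug output and the object listing have been saved as text and that the listing follows the config layout shown above. The sample data, object names, device names and UUIDs are constructed.

```python
# Constructed sample: relevant lines of the ADOM upgrade debug output.
DEBUG_OUTPUT = """\
--> commit copy dynamic_mapping.(null)(soid=1001) to dparent=2001, fail: err=-2,Invalid FQDN
======= Dump sentry and dentry======
uuid: 11111111-2222-3333-4444-555555555555 ---> 11111111-2222-3333-4444-555555555555
"""

# Constructed sample: saved object listing, assumed to follow the config layout above.
DYNOBJ_OUTPUT = """\
config firewall address
    edit "sdn-web-servers"
        config dynamic_mapping
            edit "FGT-A"-"root"
                set type fqdn
                set uuid 11111111-2222-3333-4444-555555555555
            next
            edit "FGT-B"-"root"
                set uuid aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
            next
        end
    next
end
"""

def failing_uuids(debug_text):
    """Return the UUID dumped after each 'Invalid FQDN' commit failure."""
    uuids, in_failed = [], False
    for line in debug_text.splitlines():
        if "fail: err=-2,Invalid FQDN" in line:
            in_failed = True
        elif in_failed and line.startswith("uuid:"):
            uuids.append(line.split()[1])
            in_failed = False
    return uuids

def find_mappings(config_text, uuids):
    """Return (address object, device-VDOM mapping, uuid) for each matching dynamic_mapping."""
    hits, stack = [], []  # stack: names of the enclosing 'edit' entries
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("edit "):
            stack.append(line[5:])
        elif line == "next" and stack:
            stack.pop()
        elif line.startswith("set uuid ") and len(stack) == 2 and line.split()[2] in uuids:
            hits.append((stack[0].strip('"'), stack[1], line.split()[2]))
    return hits

if __name__ == "__main__":
    for name, mapping, uuid in find_mappings(DYNOBJ_OUTPUT, failing_uuids(DEBUG_OUTPUT)):
        print(f"{name}: delete per-device mapping {mapping} (uuid {uuid})")
```

Only `set uuid` lines nested inside a dynamic_mapping entry are compared, so the UUID of the address object itself is never reported as a match.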

 

To correct the issue and perform a successful ADOM upgrade:

  1. Remove the identified references from the objects: go to Policy & Objects -> Object Configurations -> Firewall Objects -> Addresses -> <address object name where the issue is> -> Per-Device Mapping, select the identified dynamic mapping, and select Delete.
  2. (Optional) Using the faulty mapping as a reference, identify other objects with the same configuration and delete those references as well.
  3. The upgrade should now succeed. If there are more failures, use the above procedure to identify and correct the rest.

Related articles:

Technical Tip: How to upgrade an ADOM on FortiManager

Troubleshooting Tip: ADOM upgrade fails with error 'Fail(errno=-2):Direction of member(s) must eithe...

Troubleshooting Tip: ADOM upgrade fails with error 'Fail(errno=-2):Do not support urlfilter-table fo...